mirror of
https://github.com/openziti/zrok.git
synced 2025-01-18 11:58:17 +01:00
add frontend grant check when closed permission mode frontend (#539)
This commit is contained in:
parent
49368dc542
commit
9bbe4532a0
@ -116,6 +116,17 @@ func (h *shareHandler) Handle(params share.ShareParams, principal *rest_model_zr
|
||||
logrus.Error(err)
|
||||
return share.NewShareNotFound()
|
||||
}
|
||||
if sfe.PermissionMode == store.ClosedPermissionMode {
|
||||
granted, err := str.IsFrontendGrantedToAccount(int(principal.ID), sfe.Id, trx)
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
return share.NewShareInternalServerError()
|
||||
}
|
||||
if !granted {
|
||||
logrus.Errorf("'%v' is not granted access to frontend '%v'", principal.Email, frontendSelection)
|
||||
return share.NewShareNotFound()
|
||||
}
|
||||
}
|
||||
if sfe != nil && sfe.UrlTemplate != nil {
|
||||
frontendZIds = append(frontendZIds, sfe.ZId)
|
||||
frontendTemplates = append(frontendTemplates, *sfe.UrlTemplate)
|
||||
|
18
controller/store/frontendGrant.go
Normal file
18
controller/store/frontendGrant.go
Normal file
@ -0,0 +1,18 @@
|
||||
package store
|
||||
|
||||
import (
|
||||
"github.com/jmoiron/sqlx"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
func (str *Store) IsFrontendGrantedToAccount(acctId, frontendId int, trx *sqlx.Tx) (bool, error) {
|
||||
stmt, err := trx.Prepare("select count(0) from frontend_grants where account_id = $1 AND frontend_id = $2")
|
||||
if err != nil {
|
||||
return false, errors.Wrap(err, "error preparing frontend_grants select statement")
|
||||
}
|
||||
var count int
|
||||
if err := stmt.QueryRow(acctId, frontendId).Scan(&count); err != nil {
|
||||
return false, errors.Wrap(err, "error querying frontend_grants count")
|
||||
}
|
||||
return count > 0, nil
|
||||
}
|
Loading…
Reference in New Issue
Block a user