// Copyright 2019 Drone.IO Inc. All rights reserved.
// Use of this source code is governed by the Drone Non-Commercial License
// that can be found in the LICENSE file.
package acl
import (
"net/http"
"github.com/drone/drone/handler/api/errors"
"github.com/drone/drone/handler/api/render"
"github.com/drone/drone/handler/api/request"
"github.com/drone/drone/logger"
)
// AuthorizeUser wraps next in a middleware that forwards a request only when
// request.UserFrom finds a user in the request context. Every other request
// is answered through render.Unauthorized with errors.ErrUnauthorized (a 401
// unauthorized error) and never reaches next.
//
// NOTE(review): the only check made here is whether the context carries a
// user. Presumably an earlier middleware authenticates the caller and stores
// that user; confirm that this handler is always mounted after it.
func AuthorizeUser(next http.Handler) http.Handler {
	guard := func(w http.ResponseWriter, r *http.Request) {
		if _, authenticated := request.UserFrom(r.Context()); authenticated {
			next.ServeHTTP(w, r)
			return
		}

		// Guest request: write the rejection first, then record it. The
		// message is emitted at debug level only.
		render.Unauthorized(w, errors.ErrUnauthorized)
		logger.FromRequest(r).
			Debugln("api: authentication required")
	}
	return http.HandlerFunc(guard)
}
// AuthorizeAdmin wraps next in a middleware that forwards a request only when
// the user found in the request context has the Admin flag set.
//
// A request with no user in its context is answered through
// render.Unauthorized with errors.ErrUnauthorized. A request whose user is
// not an administrator is answered through render.Forbidden with
// errors.ErrForbidden. In both cases next is not called.
//
// NOTE(review): both denials are logged with Debugln only, so rejected
// attempts to reach administrative endpoints will not show up unless debug
// logging is enabled. Confirm whether they are audited elsewhere.
func AuthorizeAdmin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// NOTE(review): user is dereferenced below whenever found is true;
		// this assumes request.UserFrom never reports true with a nil user.
		// Verify against its implementation.
		user, found := request.UserFrom(r.Context())

		switch {
		case !found:
			// No identity at all: the caller has to authenticate first.
			render.Unauthorized(w, errors.ErrUnauthorized)
			logger.FromRequest(r).
				Debugln("api: authentication required")
		case !user.Admin:
			// Known identity without the administrator flag.
			render.Forbidden(w, errors.ErrForbidden)
			logger.FromRequest(r).
				Debugln("api: administrative access required")
		default:
			next.ServeHTTP(w, r)
		}
	})
}