diff options
| author | Alex Auvolat <alex@adnab.me> | 2020-02-12 00:13:24 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2020-02-12 00:13:24 +0100 |
| commit | 3fbbe61a460b8d5415b61de505b4ac1ab8692b25 (patch) | |
| tree | a1973b6e93c64bd968dc7130f3b38b5690efc322 /admin.go | |
| parent | 7ca56ba8df6c936909e3fe64d8e22d6ece50e9b2 (diff) | |
| download | guichet-3fbbe61a460b8d5415b61de505b4ac1ab8692b25.tar.gz guichet-3fbbe61a460b8d5415b61de505b4ac1ab8692b25.zip | |
Refactor is_admin check
Diffstat (limited to 'admin.go')
| -rw-r--r-- | admin.go | 16 |
1 files changed, 2 insertions, 14 deletions
@@ -18,20 +18,8 @@ func checkAdminLogin(w http.ResponseWriter, r *http.Request) *LoginStatus { return nil } - can_admin := (login.Info.DN == config.AdminAccount) - fmt.Printf("%#v", login.UserEntry) - for _, attr := range login.UserEntry.Attributes { - if strings.EqualFold(attr.Name, "memberof") { - for _, group := range attr.Values { - if config.GroupCanAdmin != "" && group == config.GroupCanAdmin { - can_admin = true - } - } - } - } - - if !can_admin { - http.Redirect(w, r, "/", http.StatusFound) + if !login.CanAdmin { + http.Error(w, "Not authorized to perform administrative operations.", http.StatusUnauthorized) return nil } |