aboutsummaryrefslogtreecommitdiff
path: root/admin.go
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2020-02-12 00:13:24 +0100
committerAlex Auvolat <alex@adnab.me>2020-02-12 00:13:24 +0100
commit3fbbe61a460b8d5415b61de505b4ac1ab8692b25 (patch)
treea1973b6e93c64bd968dc7130f3b38b5690efc322 /admin.go
parent7ca56ba8df6c936909e3fe64d8e22d6ece50e9b2 (diff)
downloadguichet-3fbbe61a460b8d5415b61de505b4ac1ab8692b25.tar.gz
guichet-3fbbe61a460b8d5415b61de505b4ac1ab8692b25.zip
Refactor is_admin check
Diffstat (limited to 'admin.go')
-rw-r--r--admin.go16
1 files changed, 2 insertions, 14 deletions
diff --git a/admin.go b/admin.go
index ccfbe31..b480507 100644
--- a/admin.go
+++ b/admin.go
@@ -18,20 +18,8 @@ func checkAdminLogin(w http.ResponseWriter, r *http.Request) *LoginStatus {
return nil
}
- can_admin := (login.Info.DN == config.AdminAccount)
- fmt.Printf("%#v", login.UserEntry)
- for _, attr := range login.UserEntry.Attributes {
- if strings.EqualFold(attr.Name, "memberof") {
- for _, group := range attr.Values {
- if config.GroupCanAdmin != "" && group == config.GroupCanAdmin {
- can_admin = true
- }
- }
- }
- }
-
- if !can_admin {
- http.Redirect(w, r, "/", http.StatusFound)
+ if !login.CanAdmin {
+ http.Error(w, "Not authorized to perform administrative operations.", http.StatusUnauthorized)
return nil
}