Rooba
/
perkeep
mirror of https://github.com/perkeep/perkeep.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Validate PublishHandler.ViewerIsOwner with auth.Allowed 

Change-Id: Ic12926696a6f082a794577e395ff277bbb34daec
This commit is contained in:
Dustin Sallings 2013-12-19 13:49:42 -08:00
parent 270a7f5e16
commit 2d15de3933
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/server/publish.go
View File

@ -35,6 +35,7 @@ import (
"strings"
"time"
"camlistore.org/pkg/auth"
"camlistore.org/pkg/blob"
"camlistore.org/pkg/blobserver"
"camlistore.org/pkg/client" // just for NewUploadHandleFromString. move elsewhere?
@ -330,8 +331,7 @@ func (ph *PublishHandler) NewRequest(rw http.ResponseWriter, req *http.Request)
func (ph *PublishHandler) ViewerIsOwner(req *http.Request) bool {
// TODO: better check later
return strings.HasPrefix(req.RemoteAddr, "127.") ||
strings.HasPrefix(req.RemoteAddr, "localhost:")
return auth.Allowed(req, auth.OpAll)
}
func (pr *publishRequest) ViewerIsOwner() bool {