From 2d15de393377d8fef6005df2f3ed8b8dd6e07d5a Mon Sep 17 00:00:00 2001 From: Dustin Sallings Date: Thu, 19 Dec 2013 13:49:42 -0800 Subject: [PATCH] Validate PublishHandler.ViewerIsOwner with auth.Allowed Change-Id: Ic12926696a6f082a794577e395ff277bbb34daec --- pkg/server/publish.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/server/publish.go b/pkg/server/publish.go index f093f0806..b07721e7b 100644 --- a/pkg/server/publish.go +++ b/pkg/server/publish.go @@ -35,6 +35,7 @@ import ( "strings" "time" + "camlistore.org/pkg/auth" "camlistore.org/pkg/blob" "camlistore.org/pkg/blobserver" "camlistore.org/pkg/client" // just for NewUploadHandleFromString. move elsewhere? @@ -330,8 +331,7 @@ func (ph *PublishHandler) NewRequest(rw http.ResponseWriter, req *http.Request) func (ph *PublishHandler) ViewerIsOwner(req *http.Request) bool { // TODO: better check later - return strings.HasPrefix(req.RemoteAddr, "127.") || - strings.HasPrefix(req.RemoteAddr, "localhost:") + return auth.Allowed(req, auth.OpAll) } func (pr *publishRequest) ViewerIsOwner() bool {