Rooba
/
perkeep
mirror of https://github.com/perkeep/perkeep.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge "Validate PublishHandler.ViewerIsOwner with auth.Allowed"

This commit is contained in:
Brad Fitzpatrick 2013-12-20 03:23:11 +00:00 committed by Gerrit Code Review
parent b10c3e52fb 2d15de3933
commit 977564f979
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/server/publish.go
View File

@ -35,6 +35,7 @@ import (
"strings"
"time"
"camlistore.org/pkg/auth"
"camlistore.org/pkg/blob"
"camlistore.org/pkg/blobserver"
"camlistore.org/pkg/client" // just for NewUploadHandleFromString. move elsewhere?
@ -330,8 +331,7 @@ func (ph *PublishHandler) NewRequest(rw http.ResponseWriter, req *http.Request)
func (ph *PublishHandler) ViewerIsOwner(req *http.Request) bool {
// TODO: better check later
return strings.HasPrefix(req.RemoteAddr, "127.") ||
strings.HasPrefix(req.RemoteAddr, "localhost:")
return auth.Allowed(req, auth.OpAll)
}
func (pr *publishRequest) ViewerIsOwner() bool {