Commit 7a1eeebe authored by joelalju's avatar joelalju

[#405] It now checks ownership.

parent 575ed462
......@@ -301,7 +301,12 @@ get '/machine/info/(:id).(:type)' => sub {
my $id = $c->stash('id');
die "No id " if !$id;
#TODO check ownership
my ($domain) = _search_requested_machine($c);
return access_denied($c) if !$domain;
return access_denied($c) unless $USER->is_admin
|| $domain->id_owner == $USER->id;
$c->render(json => $RAVADA->domain_info(id => $id));
};
......@@ -313,7 +318,13 @@ any '/machine/settings/(:id).(:type)' => sub {
any '/machine/manage/(:id).(:type)' => sub {
my $c = shift;
#TODO check ownership
my ($domain) = _search_requested_machine($c);
return access_denied($c) if !$domain;
return access_denied($c) unless $USER->is_admin
|| $domain->id_owner == $USER->id;
return manage_machine($c);
};
......@@ -322,7 +333,12 @@ get '/machine/view/(:id).(:type)' => sub {
my $id = $c->stash('id');
my $type = $c->stash('type');
#TODO check ownership
my ($domain) = _search_requested_machine($c);
return access_denied($c) if !$domain;
return access_denied($c) unless $USER->is_admin
|| $domain->id_owner == $USER->id;
return view_machine($c);
};
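Review bot: The owner test `$domain->id_owner == $USER->id` is a numeric comparison, so an undefined or non-numeric value on either side is treated as 0; if a machine can have no owner, or `$USER->id` can be unset at this point, the check could pass for the wrong user in all three handlers (`/machine/info`, `/machine/manage`, `/machine/view`). Writing it as `|| (defined $domain->id_owner && $domain->id_owner == $USER->id);` makes that case deny rather than allow. The same three lines are repeated in each handler, so a shared helper would keep the routes from drifting apart, and the `/machine/settings` route named in the second hunk header, whose body is not visible here, is worth checking for the same test. If the `#TODO check ownership` comment survives on the new side it is now stale and should be dropped. The info and view handlers begin above the visible lines, so this is based only on the part shown.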
......