Commit 9935730f authored by Francesc Guasch's avatar Francesc Guasch

[#405] deny access to non admins

parent 89d3e1e4
......@@ -272,6 +272,7 @@ get '/iso_file.json' => sub {
get '/list_machines.json' => sub {
my $c = shift;
return access_denied($c) if !_logged_in($c) || !$USER->is_admin();
$c->render(json => $RAVADA->list_domains);
};
......@@ -284,6 +285,8 @@ get '/list_bases_anonymous.json' => sub {
get '/list_users.json' => sub {
my $c = shift;
return access_denied($c) if !_logged_in($c) || !$USER->is_admin();
$c->render(json => $RAVADA->list_users);
};
......@@ -304,6 +307,8 @@ get '/machine/info/(:id).(:type)' => sub {
my $c = shift;
my $id = $c->stash('id');
die "No id " if !$id;
#TODO check ownership
$c->render(json => $RAVADA->domain_info(id => $id));
};
......@@ -315,6 +320,7 @@ any '/machine/settings/(:id).(:type)' => sub {
any '/machine/manage/(:id).(:type)' => sub {
my $c = shift;
#TODO check ownership
return manage_machine($c);
};
......@@ -323,6 +329,7 @@ get '/machine/view/(:id).(:type)' => sub {
my $id = $c->stash('id');
my $type = $c->stash('type');
#TODO check ownership
return view_machine($c);
};
......
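Review bot: The three machine routes (`/machine/info`, `/machine/manage`, `/machine/view`) still have no access check in the new code; the commit only adds `#TODO check ownership`, so `$RAVADA->domain_info(id => $id)` is rendered for whatever id the requester supplies. Unlike `/list_machines.json` and `/list_users.json`, these handlers show no `_logged_in($c)` guard either, unless one is applied outside the visible lines. Until the ownership check exists, I would add at least `return access_denied($c) if !_logged_in($c);` as the first statement of each handler, and then compare the machine's owner with `$USER` before rendering or delegating to `manage_machine` / `view_machine`. The openings of the info and view handlers sit in the hunk headers, so the start of those bodies is only partly visible here.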