Role checking when saving dashboard, making sure that the user has owner or editor role

2025-08-02 05:46:28 +08:00 · 2015-01-16 15:28:44 +01:00
parent 22156fe309
commit 3912ed5023
317 changed files with 8218 additions and 206556 deletions
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@ -60,6 +60,21 @@ func authDenied(c *Context) {
 	c.Redirect(setting.AppSubUrl + "/login")
 }

+func RoleAuth(roles ...m.RoleType) macaron.Handler {
+	return func(c *Context) {
+		ok := false
+		for _, role := range roles {
+			if role == c.UserRole {
+				ok = true
+				break
+			}
+		}
+		if !ok {
+			authDenied(c)
+		}
+	}
+}
+
 func Auth(options *AuthOptions) macaron.Handler {
 	return func(c *Context) {