scenario: minor security fix for access to all scenarios

Sonja Happ 2020-12-03 12:03:34 +01:00
parent ebc1ae16b7
commit 601eb746ce


@ -59,7 +59,6 @@ func getScenarios(c *gin.Context) {
// ATTENTION: do not use c.GetInt (common.UserIDCtx) since user_id is of type uint and not int
userID, _ := c.Get(database.UserIDCtx)
userRole, _ := c.Get(database.UserRoleCtx)
var u user.User
err := u.ByID(userID.(uint))
@ -70,7 +69,7 @@ func getScenarios(c *gin.Context) {
// get all scenarios for the user who issues the request
db := database.GetDB()
var scenarios []database.Scenario
if userRole == "Admin" { // Admin can see all scenarios
if u.Role == "Admin" { // Admin can see all scenarios
err = db.Order("ID asc").Find(&scenarios).Error
if helper.DBError(c, err) {
return
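Review bot: The admin branch at `if u.Role == "Admin"` now rests entirely on the record loaded by `u.ByID(userID.(uint))`, but that lookup still discards the `ok` result of `c.Get` and uses an unchecked type assertion, so a request that reaches the handler without `database.UserIDCtx` set panics instead of being denied. A checked form such as `id, ok := userID.(uint)` followed by `if !ok { c.AbortWithStatus(http.StatusUnauthorized); return }` would turn that path into an explicit rejection. The handling of `err` from `u.ByID` lies between the two hunks and is not visible here; it should return before the role comparison is reached. Any other handler that still decides on `database.UserRoleCtx` presumably needs the same switch to the stored role, and a short comment above the comparison, e.g. `// role comes from the DB record, not from the request context`, would keep the reason from being lost. getScenarios starts and ends outside the hunks.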