add user role Download; limit access check to scenario in file middleware #52

2025-03-30 00:00:12 +01:00 · 2021-04-14 11:11:28 +02:00 · 2021-04-14 11:11:28 +02:00 · f3d6353f86
commit f3d6353f86
parent 2f6f942749
2 changed files with 19 additions and 3 deletions
--- a/database/roles.go
+++ b/database/roles.go
@ -112,6 +112,19 @@ var Roles = RoleActions{
 		ModelFile:                          _r__,
 		ModelResult:                        none,
 	},
+	"Download": {
+		ModelScenario:                      none,
+		ModelComponentConfiguration:        none,
+		ModelDashboard:                     none,
+		ModelWidget:                        none,
+		ModelInfrastructureComponent:       none,
+		ModelInfrastructureComponentAction: none,
+		ModelUser:                          none,
+		ModelUsers:                         none,
+		ModelSignal:                        none,
+		ModelFile:                          _r__,
+		ModelResult:                        none,
+	},
 }

 func ValidateRole(c *gin.Context, model ModelName, action CRUD) error {
--- a/routes/file/file_middleware.go
+++ b/routes/file/file_middleware.go
@ -49,9 +49,12 @@ func CheckPermissions(c *gin.Context, operation database.CRUD) (bool, File) {
 		return false, f
 	}

-	ok, _ := scenario.CheckPermissions(c, operation, "body", int(f.ScenarioID))
-	if !ok {
-		return false, f
+	if operation != database.Read {
+		// check access to scenario only if operation is not Read (=download) of file
+		ok, _ := scenario.CheckPermissions(c, operation, "body", int(f.ScenarioID))
+		if !ok {
+			return false, f
+		}
 	}

 	return true, f