diff options
author | zeripath <art27@cantab.net> | 2018-09-07 04:31:29 +0100 |
---|---|---|
committer | techknowlogick <techknowlogick@users.noreply.github.com> | 2018-09-06 23:31:29 -0400 |
commit | d293a2b9d6722dffde7998c953c3087e47a38a83 (patch) | |
tree | 9fd63e39b27e51c8ca6360fd0cf4792e075c9b4a /routers/api/v1/api.go | |
parent | e6a03813d463bc0c624a3c40fb615cacc006e265 (diff) | |
download | gitea-d293a2b9d6722dffde7998c953c3087e47a38a83.tar.gz gitea-d293a2b9d6722dffde7998c953c3087e47a38a83.zip |
Add sudo functionality to the API (#4809)
Diffstat (limited to 'routers/api/v1/api.go')
-rw-r--r-- | routers/api/v1/api.go | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 47a8edab43..967db3b01c 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -24,6 +24,8 @@ // - Token : // - AccessToken : // - AuthorizationHeaderToken : +// - SudoParam : +// - SudoHeader : // // SecurityDefinitions: // BasicAuth: @@ -40,6 +42,16 @@ // type: apiKey // name: Authorization // in: header +// SudoParam: +// type: apiKey +// name: sudo +// in: query +// description: Sudo API request as the user provided as the key. Admin privileges are required. +// SudoHeader: +// type: apiKey +// name: Sudo +// in: header +// description: Sudo API request as the user provided as the key. Admin privileges are required. // // swagger:meta package v1 @@ -50,6 +62,7 @@ import ( "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/auth" "code.gitea.io/gitea/modules/context" + "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" "code.gitea.io/gitea/routers/api/v1/admin" "code.gitea.io/gitea/routers/api/v1/misc" @@ -64,6 +77,36 @@ import ( "gopkg.in/macaron.v1" ) +func sudo() macaron.Handler { + return func(ctx *context.APIContext) { + sudo := ctx.Query("sudo") + if len(sudo) <= 0 { + sudo = ctx.Req.Header.Get("Sudo") + } + + if len(sudo) > 0 { + if ctx.User.IsAdmin { + user, err := models.GetUserByName(sudo) + if err != nil { + if models.IsErrUserNotExist(err) { + ctx.Status(404) + } else { + ctx.Error(500, "GetUserByName", err) + } + return + } + log.Trace("Sudo from (%s) to: %s", ctx.User.Name, user.Name) + ctx.User = user + } else { + ctx.JSON(403, map[string]string{ + "message": "Only administrators allowed to sudo.", + }) + return + } + } + } +} + func repoAssignment() macaron.Handler { return func(ctx *context.APIContext) { userName := ctx.Params(":username") @@ -589,5 +632,5 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("/topics", func() { m.Get("/search", repo.TopicSearch) }) - }, context.APIContexter()) + }, context.APIContexter(), sudo()) } |