authorzeripath <art27@cantab.net>2018-09-07 04:31:29 +0100
committertechknowlogick <techknowlogick@users.noreply.github.com>2018-09-06 23:31:29 -0400
commitd293a2b9d6722dffde7998c953c3087e47a38a83 (patch)
tree9fd63e39b27e51c8ca6360fd0cf4792e075c9b4a /routers/api
parente6a03813d463bc0c624a3c40fb615cacc006e265 (diff)
downloadgitea-d293a2b9d6722dffde7998c953c3087e47a38a83.tar.gz
gitea-d293a2b9d6722dffde7998c953c3087e47a38a83.zip
Add sudo functionality to the API (#4809)
Diffstat (limited to 'routers/api')
-rw-r--r--routers/api/v1/api.go45
1 files changed, 44 insertions, 1 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 47a8edab43..967db3b01c 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -24,6 +24,8 @@
// - Token :
// - AccessToken :
// - AuthorizationHeaderToken :
+// - SudoParam :
+// - SudoHeader :
//
// SecurityDefinitions:
// BasicAuth:
@@ -40,6 +42,16 @@
// type: apiKey
// name: Authorization
// in: header
+// SudoParam:
+// type: apiKey
+// name: sudo
+// in: query
+// description: Sudo API request as the user provided as the key. Admin privileges are required.
+// SudoHeader:
+// type: apiKey
+// name: Sudo
+// in: header
+// description: Sudo API request as the user provided as the key. Admin privileges are required.
//
// swagger:meta
package v1
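Review bot: The `SudoParam` and `SudoHeader` entries are declared as `apiKey` security schemes, which reads as if the sudo value were a credential on its own, and the descriptions do not say what must accompany it. Both descriptions should state that the value is a username and that the request must still authenticate as an administrator through one of the other schemes, for example `description: Username to act as. Must be sent together with administrator credentials; it does not authenticate the request by itself.` That keeps API consumers and generated clients from treating `sudo` as a standalone key.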
@@ -50,6 +62,7 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/context"
+ "code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/routers/api/v1/admin"
"code.gitea.io/gitea/routers/api/v1/misc"
@@ -64,6 +77,36 @@ import (
"gopkg.in/macaron.v1"
)
+func sudo() macaron.Handler {
+ return func(ctx *context.APIContext) {
+ sudo := ctx.Query("sudo")
+ if len(sudo) <= 0 {
+ sudo = ctx.Req.Header.Get("Sudo")
+ }
+
+ if len(sudo) > 0 {
+ if ctx.User.IsAdmin {
+ user, err := models.GetUserByName(sudo)
+ if err != nil {
+ if models.IsErrUserNotExist(err) {
+ ctx.Status(404)
+ } else {
+ ctx.Error(500, "GetUserByName", err)
+ }
+ return
+ }
+ log.Trace("Sudo from (%s) to: %s", ctx.User.Name, user.Name)
+ ctx.User = user
+ } else {
+ ctx.JSON(403, map[string]string{
+ "message": "Only administrators allowed to sudo.",
+ })
+ return
+ }
+ }
+ }
+}
+
func repoAssignment() macaron.Handler {
return func(ctx *context.APIContext) {
userName := ctx.Params(":username")
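Review bot: `ctx.User.IsAdmin` in sudo() is dereferenced without checking that a user is signed in. APIContexter is outside this hunk, so this is an assumption to confirm, but if ctx.User can be nil for anonymous requests, a request carrying `sudo` would panic instead of being rejected. Guarding with `if ctx.User != nil && ctx.User.IsAdmin {` lets unauthenticated callers fall through to the existing 403 branch. Separately, the switch is recorded only with `log.Trace` and the refused branch logs nothing; impersonation is an auditable privilege change, so both the successful switch and denied attempts deserve a log level that is kept in production. The trailing context lines belong to repoAssignment, whose body continues outside the hunk.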
@@ -589,5 +632,5 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Group("/topics", func() {
m.Get("/search", repo.TopicSearch)
})
- }, context.APIContexter())
+ }, context.APIContexter(), sudo())
}
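Review bot: The order of `context.APIContexter(), sudo()` is load-bearing but undocumented: sudo() reads ctx.User and replaces it, so it has to run after authentication and before any per-route permission check. A comment above this line such as `// sudo() must stay after APIContexter(): it relies on the authenticated ctx.User and swaps it for the target user.` would protect against a later reorder. It is also worth confirming that nothing APIContexter derived from the original administrator (not visible here) is still consulted by later handlers after the swap. RegisterRoutes begins outside this hunk.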