Hide content based on user role (#541)

2026-04-18 16:26:38 +00:00 · 2022-11-05 10:24:50 +01:00
parent e8d82c1bd3
commit 4321b71984
27 changed files with 305 additions and 142 deletions
--- a/management/server/route.go
+++ b/management/server/route.go
@@ -60,7 +60,7 @@ type RouteUpdateOperation struct {
 }

 // GetRoute gets a route object from account and route IDs
-func (am *DefaultAccountManager) GetRoute(accountID, routeID string) (*route.Route, error) {
+func (am *DefaultAccountManager) GetRoute(accountID, routeID, userID string) (*route.Route, error) {
 	am.mux.Lock()
 	defer am.mux.Unlock()

@@ -69,6 +69,15 @@ func (am *DefaultAccountManager) GetRoute(accountID, routeID string) (*route.Rou
 		return nil, status.Errorf(codes.NotFound, "account not found")
 	}

+	user, err := account.FindUser(userID)
+	if err != nil {
+		return nil, err
+	}
+
+	if !user.IsAdmin() {
+		return nil, Errorf(PermissionDenied, "Only administrators can view Network Routes")
+	}
+
 	wantedRoute, found := account.Routes[routeID]
 	if found {
 		return wantedRoute, nil
@@ -325,7 +334,7 @@ func (am *DefaultAccountManager) DeleteRoute(accountID, routeID string) error {
 }

 // ListRoutes returns a list of routes from account
-func (am *DefaultAccountManager) ListRoutes(accountID string) ([]*route.Route, error) {
+func (am *DefaultAccountManager) ListRoutes(accountID, userID string) ([]*route.Route, error) {
 	am.mux.Lock()
 	defer am.mux.Unlock()

@@ -334,6 +343,15 @@ func (am *DefaultAccountManager) ListRoutes(accountID string) ([]*route.Route, e
 		return nil, status.Errorf(codes.NotFound, "account not found")
 	}

+	user, err := account.FindUser(userID)
+	if err != nil {
+		return nil, err
+	}
+
+	if !user.IsAdmin() {
+		return nil, Errorf(PermissionDenied, "Only administrators can view Network Routes")
+	}
+
 	routes := make([]*route.Route, 0, len(account.Routes))
 	for _, item := range account.Routes {
 		routes = append(routes, item)