author | Christian Pointner <equinox@helsinki.at> | 2015-12-17 15:34:46 (GMT) |
---|---|---|
committer | Christian Pointner <equinox@helsinki.at> | 2015-12-17 15:34:46 (GMT) |
commit | 40947fb5575fa3a6053302263a52bbaa54ecff97 (patch) | |
tree | b98f36189cc321e3d97a08f084714cfb0c527bd1 | |
parent | f668cb35d19ac92748ffe5d65952ada01ea0e214 (diff) |
added check for authorization to musicgrid.cgi
-rwxr-xr-x | rh-bin/musicgrid.cgi | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/rh-bin/musicgrid.cgi b/rh-bin/musicgrid.cgi
index aa823aa..b1bfa1f 100755
--- a/rh-bin/musicgrid.cgi
+++ b/rh-bin/musicgrid.cgi
@@ -34,7 +34,7 @@ my $responsecode = 500;
 my @clocks = ();
 my $q = CGI->new;
-my $username = ""; #$q->param('LOGIN_NAME');
+my $username = "equinox"; #$q->param('LOGIN_NAME');
 my $token = ""; #$q->param('PASSWORD');
 my $cmd = "get"; #$q->param('COMMAND');
@@ -81,9 +81,9 @@ if(!defined $username) {
 } else {
 (my $ctx, $status, $errorstring) = RHRD::rddb::init();
 if(defined $ctx) {
-my $result = 1; # (my $result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token);
-if($result == 1) {
-# TODO: check if user is allowed to read/edit music pools
+my $authenticated = 1; # (my $authenticated, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token);
+my $authorized = RHRD::rddb::is_musicpools_user($ctx, $username);
+if($authenticated == 1 && $authorized == 1) {
 if($cmd eq "get") {
 ($responsecode, $errorstring) = get_clocks($ctx);
 }
@@ -94,8 +94,11 @@ if(!defined $username) {
 $responsecode = 400;
 $errorstring = "command '$cmd' is unknown";
 }
-} elsif($result == 0) {
+} elsif($authenticated == 0) {
 $responsecode = 401;
+} elsif($authorized == 0) {
+$responsecode = 403;
+$errorstring = "user '" . $username . "' is not allowed to access the music grid";
 } else {
 $responsecode = 500;
 }
|
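Review bot: In the first hunk `$username` becomes the hard-coded literal `"equinox"` while the `$q->param('LOGIN_NAME')` read stays commented out, so every request is evaluated as that fixed user, and with `$authenticated = 1` still stubbed in the second hunk the new `is_musicpools_user` check never sees the caller's real identity. This is presumably a local testing stub, but if it ships the `if(!defined $username)` guard that heads the later hunks is dead code (a string literal is always defined) and the 401/403 branches are unreachable for the real caller. I would either restore `my $username = $q->param('LOGIN_NAME');` before merging or gate the literal behind an explicit, named debug flag so it cannot be left enabled by accident.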
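Review bot: `my $authorized = RHRD::rddb::is_musicpools_user($ctx, $username);` is tested only with numeric `== 1` / `== 0`, so if that helper can return undef (or an error tuple) on a database failure, the undef compares equal to 0 and the third hunk answers 403 "not allowed" instead of falling through to the 500 branch; I cannot see the helper, so please confirm its return contract. If undef is possible, make the failure branch explicit: `} elsif(defined $authorized && $authorized == 0) {` so that an unknown result still reaches `$responsecode = 500;`. The authorization lookup also runs before `$authenticated` is consulted; once `check_token` is re-enabled, moving the `is_musicpools_user` call inside the authenticated branch avoids a database query on behalf of callers who never proved who they are.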
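Review bot: The new 403 message in the third hunk is built by concatenation, `"user '" . $username . "' is not allowed to access the music grid"`, while the neighbouring 400 message uses interpolation (`"command '$cmd' is unknown"`); writing it as `"user '$username' is not allowed to access the music grid"` keeps the two branches consistent. Once `$username` is read from `LOGIN_NAME` again this string echoes caller-supplied input into the response, so wherever `$errorstring` is emitted (outside this hunk) it should be encoded for the output format rather than printed raw.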