authorChristian Pointner <equinox@helsinki.at>2015-12-17 15:34:46 (GMT)
committerChristian Pointner <equinox@helsinki.at>2015-12-17 15:34:46 (GMT)
commit40947fb5575fa3a6053302263a52bbaa54ecff97 (patch)
treeb98f36189cc321e3d97a08f084714cfb0c527bd1 /rh-bin
parentf668cb35d19ac92748ffe5d65952ada01ea0e214 (diff)
added check for authorization to musicgrid.cgi
Diffstat (limited to 'rh-bin')
-rwxr-xr-xrh-bin/musicgrid.cgi13
1 files changed, 8 insertions, 5 deletions
diff --git a/rh-bin/musicgrid.cgi b/rh-bin/musicgrid.cgi
index aa823aa..b1bfa1f 100755
--- a/rh-bin/musicgrid.cgi
+++ b/rh-bin/musicgrid.cgi
@@ -34,7 +34,7 @@ my $responsecode = 500;
my @clocks = ();
my $q = CGI->new;
-my $username = ""; #$q->param('LOGIN_NAME');
+my $username = "equinox"; #$q->param('LOGIN_NAME');
my $token = ""; #$q->param('PASSWORD');
my $cmd = "get"; #$q->param('COMMAND');
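Review bot: The username is now the fixed literal `"equinox"` while the `$q->param('LOGIN_NAME')` read stays commented out and `$token` is still an empty string, so the authorization check added in this commit is evaluated for one hard-coded account rather than for the caller. Together with `my $authenticated = 1;` in the hunk at line 81, every request appears to be treated as an authenticated `equinox`. If this is a debugging stub it should not be deployed: restore `my $username = $q->param('LOGIN_NAME');` and `my $token = $q->param('PASSWORD');`, and re-enable the `RHRD::rddb::check_token` call, before relying on the new 403 path.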
@@ -81,9 +81,9 @@ if(!defined $username) {
} else {
(my $ctx, $status, $errorstring) = RHRD::rddb::init();
if(defined $ctx) {
- my $result = 1; # (my $result, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token);
- if($result == 1) {
- # TODO: check if user is allowed to read/edit music pools
+ my $authenticated = 1; # (my $authenticated, $status, $errorstring) = RHRD::rddb::check_token($ctx, $username, $token);
+ my $authorized = RHRD::rddb::is_musicpools_user($ctx, $username);
+ if($authenticated == 1 && $authorized == 1) {
if($cmd eq "get") {
($responsecode, $errorstring) = get_clocks($ctx);
}
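Review bot: `is_musicpools_user` is assigned in scalar context and neither `$status` nor `$errorstring` is captured, unlike the commented-out `check_token` call on the line above, which unpacks a result, a status and an error string. Its definition is not visible here; if it follows the same three-value convention, `$authorized` will not hold the result and the `== 1` test compares the wrong value. In that case use `(my $authorized, $status, $errorstring) = RHRD::rddb::is_musicpools_user($ctx, $username);`. The enclosing if/else starts before this hunk and continues after it.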
@@ -94,8 +94,11 @@ if(!defined $username) {
$responsecode = 400;
$errorstring = "command '$cmd' is unknown";
}
- } elsif($result == 0) {
+ } elsif($authenticated == 0) {
$responsecode = 401;
+ } elsif($authorized == 0) {
+ $responsecode = 403;
+ $errorstring = "user '" . $username . "' is not allowed to access the music grid";
} else {
$responsecode = 500;
}
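Review bot: The new `elsif($authorized == 0)` branch also matches an undefined `$authorized`, because undef compares equal to 0 numerically, so a failed lookup in `is_musicpools_user` would presumably be reported as 403 with a "not allowed" message instead of reaching the 500 branch. Guard it with `} elsif(defined $authorized && $authorized == 0) {`. The message also embeds `$username`, which is request-controlled once the `LOGIN_NAME` parameter is read again, so it should be escaped wherever `$errorstring` is written to the response; that code is outside this hunk.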