Force private API keys to have Privileges write, read, read confidential

This commit is contained in:
Howl 2016-05-15 07:20:11 +02:00
parent 42437bde44
commit a939d15779

View File

@ -12,7 +12,11 @@ import (
func GetTokenFull(token string, db *sql.DB) (common.Token, bool) { func GetTokenFull(token string, db *sql.DB) (common.Token, bool) {
var uid int var uid int
var privs int var privs int
err := db.QueryRow("SELECT user, privileges FROM tokens WHERE token = ? LIMIT 1", fmt.Sprintf("%x", md5.Sum([]byte(token)))).Scan(&uid, &privs) var priv8 bool
err := db.QueryRow("SELECT user, privileges, private FROM tokens WHERE token = ? LIMIT 1", fmt.Sprintf("%x", md5.Sum([]byte(token)))).Scan(&uid, &privs, &priv8)
if priv8 {
privs = common.PrivilegeRead | common.PrivilegeReadConfidential | common.PrivilegeWrite
}
switch { switch {
case err == sql.ErrNoRows: case err == sql.ErrNoRows:
return common.Token{}, false return common.Token{}, false