Force private API keys to have Privileges write, read, read confidential
This commit is contained in:
parent
42437bde44
commit
a939d15779
|
@ -12,7 +12,11 @@ import (
|
||||||
func GetTokenFull(token string, db *sql.DB) (common.Token, bool) {
|
func GetTokenFull(token string, db *sql.DB) (common.Token, bool) {
|
||||||
var uid int
|
var uid int
|
||||||
var privs int
|
var privs int
|
||||||
err := db.QueryRow("SELECT user, privileges FROM tokens WHERE token = ? LIMIT 1", fmt.Sprintf("%x", md5.Sum([]byte(token)))).Scan(&uid, &privs)
|
var priv8 bool
|
||||||
|
err := db.QueryRow("SELECT user, privileges, private FROM tokens WHERE token = ? LIMIT 1", fmt.Sprintf("%x", md5.Sum([]byte(token)))).Scan(&uid, &privs, &priv8)
|
||||||
|
if priv8 {
|
||||||
|
privs = common.PrivilegeRead | common.PrivilegeReadConfidential | common.PrivilegeWrite
|
||||||
|
}
|
||||||
switch {
|
switch {
|
||||||
case err == sql.ErrNoRows:
|
case err == sql.ErrNoRows:
|
||||||
return common.Token{}, false
|
return common.Token{}, false
|
||||||
|
|
Loading…
Reference in New Issue
Block a user