From 22f0aee55dc52f90e7395d5e2c004945bb5e603c Mon Sep 17 00:00:00 2001 From: 710leo <710leo@gmail.com> Date: Tue, 25 May 2021 17:54:09 +0800 Subject: [PATCH] add event write perm check --- src/modules/server/http/router_event.go | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/modules/server/http/router_event.go b/src/modules/server/http/router_event.go index 0068604d..847eedd9 100644 --- a/src/modules/server/http/router_event.go +++ b/src/modules/server/http/router_event.go @@ -259,6 +259,12 @@ func eventHisGets(c *gin.Context) { func eventCurDel(c *gin.Context) { eventCur := mustEventCur(urlParamInt64(c, "id")) + + can, err := models.UsernameCandoNodeOp(loginUsername(c), "mon_event_write", eventCur.Nid) + errors.Dangerous(err) + if !can { + errors.Bomb(_s("no privilege")) + } renderMessage(c, eventCur.EventIgnore()) } @@ -404,6 +410,13 @@ func eventCurClaim(c *gin.Context) { var f claimForm errors.Dangerous(c.ShouldBind(&f)) + eventCur := mustEventCur(f.Id) + can, err := models.UsernameCandoNodeOp(username, "mon_event_write", eventCur.Nid) + errors.Dangerous(err) + if !can { + errors.Bomb(_s("no privilege")) + } + id := f.Id nodePath := f.NodePath