fix(go): allow get user if admin or self;

2026-04-23 00:17:10 +08:00 · 2026-04-01 21:17:01 +05:30
parent 729bec02b9
commit 95771eda51
2 changed files with 31 additions and 1 deletions
@@ -1,11 +1,13 @@
 package logic

 import (
+	"context"
 	"errors"
 	"net/http"
 	"strings"

 	"github.com/golang-jwt/jwt/v4"
+	"github.com/gravitl/netmaker/db"

 	"github.com/gorilla/mux"
 	"github.com/gravitl/netmaker/models"
@@ -181,3 +183,31 @@ func ContinueIfUserMatch(next http.Handler) http.HandlerFunc {
 		next.ServeHTTP(w, r)
 	}
 }
+
+func ContinueIfUserMatchOrAdmin(next http.Handler) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		var errorResponse = models.ErrorResponse{
+			Code: http.StatusForbidden, Message: Forbidden_Msg,
+		}
+
+		user := &schema.User{
+			Username: r.Header.Get("user"),
+		}
+		err := user.Get(db.WithContext(context.TODO()))
+		if err == nil && (user.PlatformRoleID == schema.SuperAdminRole || user.PlatformRoleID == schema.AdminRole) {
+			next.ServeHTTP(w, r)
+			return
+		}
+
+		var params = mux.Vars(r)
+		var requestedUser = params["username"]
+		if requestedUser == "" {
+			requestedUser = r.URL.Query().Get("username")
+		}
+		if requestedUser != r.Header.Get("user") {
+			ReturnErrorResponse(w, r, errorResponse)
+			return
+		}
+		next.ServeHTTP(w, r)
+	}
+}