API: Deny client access if the scope is not authorized #782 #808

Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
Michael Mayer
2024-01-14 19:27:38 +01:00
parent 5dedc8a7c0
commit c38962e469


@@ -36,7 +36,7 @@ func AuthAny(c *gin.Context, resource acl.Resource, grants acl.Permissions) (s *
// Check ACL resource name against the permitted scope. // Check ACL resource name against the permitted scope.
if !s.HasScope(resource.String()) { if !s.HasScope(resource.String()) {
event.AuditErr([]string{clientIp, "client %s", "session %s", "access %s", "denied"}, s.AuthID, s.RefID, string(resource)) event.AuditErr([]string{clientIp, "client %s", "session %s", "access %s", "denied"}, s.AuthID, s.RefID, string(resource))
return s return entity.SessionStatusForbidden()
} }
// Perform an authorization check based on the ACL defaults for client applications. // Perform an authorization check based on the ACL defaults for client applications.