Diffstat (limited to 'bin/api')
-rwxr-xr-xbin/api8
1 files changed, 7 insertions, 1 deletions
diff --git a/bin/api b/bin/api
index 86bf0274..3fa550c0 100755
--- a/bin/api
+++ b/bin/api
@@ -80,6 +80,7 @@ end
module HTTPHelpers
def authorized?(request, permission, resource)
+ raise [permission, resource].inspect if resource.nil?
authorization = Rack::Auth::AbstractRequest.new(request.env)
return false unless authorization.provided?
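Review bot: The guard added at the top of `authorized?` raises a bare RuntimeError whose message is the inspected permission and resource, and it runs before `authorization.provided?` is checked. Failing closed on a nil resource is sound, but whether the client sees a 500 carrying that message or a clean denial depends on error handling that is not visible here. If a nil resource should simply deny, `return false if resource.nil?` keeps the method's boolean contract. If it is meant to flag a caller bug, prefer `raise ArgumentError, "authorized? needs a resource (permission: #{permission.inspect})"` so the resource contents stay out of the message. The rest of `authorized?` lies outside the hunk.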
@@ -138,7 +139,12 @@ class API
when "/organizations", "/organizations.json"
return json_ok(Organization.all.map(&:to_h))
when "/groups", "/groups.json"
- return json_ok(Group.all.map(&:to_h))
+ resource = Organization.default
+ if authorized?(request, :read_group, resource)
+ return json_ok(Group.all.map(&:to_h))
+ else
+ return json_unauthorized(:read_group, resource)
+ end
when "/projects", "/projects.json"
resource = Organization.default
if authorized?(request, :read_project, resource)
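Review bot: The `/organizations` branch just above the change still returns `Organization.all.map(&:to_h)` with no `authorized?` call, so after this commit it is the one listing in this hunk left open. If that is not intentional, it needs the same guard with a matching permission. In the new `/groups` branch the check is made against `Organization.default` while the response is `Group.all`, which presumably over-grants if groups can belong to other organizations; confirm the intended scope. A nil `Organization.default` would now raise inside `authorized?` instead of producing `json_unauthorized(:read_group, resource)`. The `/projects` branch continues past the end of the hunk.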