implicitly assume validator endpoints are authorized

2024-12-10 22:32:56 -08:00 · 2024-12-10 22:32:56 -08:00 · 89fda96e7a
commit 89fda96e7a
parent 803223d331
1 changed files with 2 additions and 18 deletions
--- a/pkg/service/submissions.go
+++ b/pkg/service/submissions.go
@ -170,15 +170,7 @@ func (svc *Service) UpdateSubmissionModel(ctx context.Context, params api.Update
 //
 // POST /submissions/{SubmissionID}/status/publish
 func (svc *Service) ActionSubmissionPublish(ctx context.Context, params api.ActionSubmissionPublishParams) error {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
-	if !ok{
-		return ErrUserInfo
-	}
-
-	// check if caller has required role
-	if !userInfo.Roles.Validator{
-		return ErrPermissionDenied
-	}
+	println("[ActionSubmissionPublish] Implicit Validator permission granted!")

 	// transaction
 	smap := datastore.Optional()
@ -387,15 +379,7 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
 //
 // POST /submissions/{SubmissionID}/status/validate
 func (svc *Service) ActionSubmissionValidate(ctx context.Context, params api.ActionSubmissionValidateParams) error {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
-	if !ok{
-		return ErrUserInfo
-	}
-
-	// check if caller has required role
-	if !userInfo.Roles.Validator{
-		return ErrPermissionDenied
-	}
+	println("[ActionSubmissionValidate] Implicit Validator permission granted!")

 	// transaction
 	smap := datastore.Optional()