From 89fda96e7a4dddce2d905e3dec22e800e036589b Mon Sep 17 00:00:00 2001
From: Quaternions <krakow20@gmail.com>
Date: Tue, 10 Dec 2024 22:32:56 -0800
Subject: [PATCH] implicitly assume validator endpoints are authorized

---
 pkg/service/submissions.go | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/pkg/service/submissions.go b/pkg/service/submissions.go
index f0b382e..d6585f6 100644
--- a/pkg/service/submissions.go
+++ b/pkg/service/submissions.go
@@ -170,15 +170,7 @@ func (svc *Service) UpdateSubmissionModel(ctx context.Context, params api.Update
 //
 // POST /submissions/{SubmissionID}/status/publish
 func (svc *Service) ActionSubmissionPublish(ctx context.Context, params api.ActionSubmissionPublishParams) error {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
-	if !ok{
-		return ErrUserInfo
-	}
-
-	// check if caller has required role
-	if !userInfo.Roles.Validator{
-		return ErrPermissionDenied
-	}
+	println("[ActionSubmissionPublish] Implicit Validator permission granted!")
 
 	// transaction
 	smap := datastore.Optional()
@@ -387,15 +379,7 @@ func (svc *Service) ActionSubmissionTriggerValidate(ctx context.Context, params
 //
 // POST /submissions/{SubmissionID}/status/validate
 func (svc *Service) ActionSubmissionValidate(ctx context.Context, params api.ActionSubmissionValidateParams) error {
-	userInfo, ok := ctx.Value("UserInfo").(UserInfo)
-	if !ok{
-		return ErrUserInfo
-	}
-
-	// check if caller has required role
-	if !userInfo.Roles.Validator{
-		return ErrPermissionDenied
-	}
+	println("[ActionSubmissionValidate] Implicit Validator permission granted!")
 
 	// transaction
 	smap := datastore.Optional()