StrafesNET/maps-service
5
Fork 0
Code Issues15 Pull Requests Packages Projects Releases Wiki Activity

submissions: allow bypass by admin in internal CreateSubmission

Browse Source
This commit is contained in:
Quaternions 2025-04-15 15:31:22 -07:00
parent 649b941d5f
commit a669de3c0b
Signed by: Quaternions
GPG Key ID: D0DF5964F79AC131
1 changed files with 7 additions and 2 deletions

9
pkg/service_internal/submissions.go

@ -9,6 +9,7 @@ import (
"git.itzana.me/strafesnet/maps-service/pkg/datastore"
internal "git.itzana.me/strafesnet/maps-service/pkg/internal"
"git.itzana.me/strafesnet/maps-service/pkg/model"
"git.itzana.me/strafesnet/maps-service/pkg/service"
)
var(
@ -338,6 +339,7 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *internal.Subm
var AssetID=uint64(request.AssetID);
var AssetVersion=uint64(request.AssetVersion);
var Status=model.SubmissionStatus(request.Status);
var roles=service.Roles(request.Roles);
// Check if an active submission with the same asset id exists
{
@ -363,8 +365,11 @@ func (svc *Service) CreateSubmission(ctx context.Context, request *internal.Subm
}
// check if user owns asset
// TODO: allow bypass by admin
if operation.Owner != Submitter {
is_submitter := operation.Owner == Submitter
// check if user is map admin
has_submission_review := roles & service.RolesSubmissionReview == service.RolesSubmissionReview
// if neither, u not allowed
if !is_submitter && !has_submission_review {
return nil, ErrNotAssetOwner
}