[core] Fix: Do not execute action after permission check

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2024-11-09 08:40:01 +00:00 · 2024-08-14 15:56:06 +02:00 · 2024-08-14 15:56:06 +02:00 · 13bc753b7d
commit 13bc753b7d
parent e8d60e2733
3 changed files with 8 additions and 0 deletions
--- a/configEditor_automessage.go
+++ b/configEditor_automessage.go
@ -81,6 +81,7 @@ func configEditorHandleAutoMessageAdd(w http.ResponseWriter, r *http.Request) {
 	user, _, err := getAuthorizationFromRequest(r)
 	if err != nil {
 		http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusInternalServerError)
 		return
 	}
 	msg := &autoMessage{}
@ -106,6 +107,7 @@ func configEditorHandleAutoMessageDelete(w http.ResponseWriter, r *http.Request)
 	user, _, err := getAuthorizationFromRequest(r)
 	if err != nil {
 		http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusInternalServerError)
 		return
 	}
 	if err := patchConfig(cfg.Config, user, "", "Delete auto-message", func(c *configFile) error {
@ -142,6 +144,7 @@ func configEditorHandleAutoMessageUpdate(w http.ResponseWriter, r *http.Request)
 	user, _, err := getAuthorizationFromRequest(r)
 	if err != nil {
 		http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusInternalServerError)
 		return
 	}
 	msg := &autoMessage{}
--- a/configEditor_general.go
+++ b/configEditor_general.go
@ -172,6 +172,7 @@ func configEditorHandleGeneralDeleteAuthToken(w http.ResponseWriter, r *http.Req
 	user, _, err := getAuthorizationFromRequest(r)
 	if err != nil {
 		http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusInternalServerError)
 		return
 	}
 	if err := patchConfig(cfg.Config, user, "", "Delete auth-token", func(cfg *configFile) error {
@ -234,6 +235,7 @@ func configEditorHandleGeneralUpdate(w http.ResponseWriter, r *http.Request) {
 	user, _, err := getAuthorizationFromRequest(r)
 	if err != nil {
 		http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusInternalServerError)
 		return
 	}
 	var payload configEditorGeneralConfig
--- a/configEditor_rules.go
+++ b/configEditor_rules.go
@ -81,6 +81,7 @@ func configEditorRulesAdd(w http.ResponseWriter, r *http.Request) {
 	user, _, err := getAuthorizationFromRequest(r)
 	if err != nil {
 		http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusInternalServerError)
 		return
 	}
 	msg := &plugins.Rule{}
@ -119,6 +120,7 @@ func configEditorRulesDelete(w http.ResponseWriter, r *http.Request) {
 	user, _, err := getAuthorizationFromRequest(r)
 	if err != nil {
 		http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusInternalServerError)
 		return
 	}
 	if err := patchConfig(cfg.Config, user, "", "Delete rule", func(c *configFile) error {
@ -155,6 +157,7 @@ func configEditorRulesUpdate(w http.ResponseWriter, r *http.Request) {
 	user, _, err := getAuthorizationFromRequest(r)
 	if err != nil {
 		http.Error(w, errors.Wrap(err, "getting authorized user").Error(), http.StatusInternalServerError)
 		return
 	}
 	msg := &plugins.Rule{}