File tree Expand file tree Collapse file tree 1 file changed +4
-1
lines changed Expand file tree Collapse file tree 1 file changed +4
-1
lines changed Original file line number Diff line number Diff line change @@ -20,10 +20,13 @@ import (
2020func (api * api ) putMemberRoles (rw http.ResponseWriter , r * http.Request ) {
2121 // User is the user to modify
2222 // TODO: Until rbac authorize is implemented, only be able to change your
23- // own roles. This also means you can grant yourself whatever roles you want.
23+ // own roles. This also means you can grant yourself whatever roles you want.
2424 user := httpmw .UserParam (r )
2525 apiKey := httpmw .APIKey (r )
2626 organization := httpmw .OrganizationParam (r )
27+ // TODO: @emyrk add proper `Authorize()` check here instead of a uuid match.
28+ // Proper authorize should check the granted roles are able to given within
29+ // the selected organization. Until then, allow anarchy
2730 if apiKey .UserID != user .ID {
2831 httpapi .Write (rw , http .StatusUnauthorized , httpapi.Response {
2932 Message : fmt .Sprintf ("modifying other users is not supported at this time" ),
You can’t perform that action at this time.
0 commit comments