frodovdr
/
hyperion.ng
mirror of https://github.com/hyperion-project/hyperion.ng.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix: prevent downgrade of authorization

This commit is contained in:
brindosch 2019-08-30 20:41:33 +02:00
parent f764202561
commit 826f94d507
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libsrc/api/JsonAPI.cpp
View File

@ -71,11 +71,12 @@ void JsonAPI::initialize(void)
_authorized = !_authManager->isLocalAuthRequired();
// admin access is allowed, when the connection is local and the option for local admin isn't set. Con: All local connections get full access
// authorization is also granted for api based on admin result. Pro: Admin should have full access.
if(_localConnection)
{
_userAuthorized = !_authManager->isLocalAdminAuthRequired();
_authorized = _userAuthorized;
// just in positive direction
if(_userAuthorized)
_authorized = true;
}
// setup auth interface