frodovdr/hyperion.ng
1
0
Fork 0
mirror of https://github.com/hyperion-project/hyperion.ng.git synced 2023-10-10 13:36:59 +02:00
Code Issues Releases Wiki Activity

Fix: prevent downgrade of authorization

Browse Source
This commit is contained in:
brindosch 2019-08-30 20:41:33 +02:00
parent f764202561
commit 826f94d507
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libsrc/api/JsonAPI.cpp
View File

@ -71,11 +71,12 @@ void JsonAPI::initialize(void)
_authorized = !_authManager->isLocalAuthRequired(); _authorized = !_authManager->isLocalAuthRequired();
// admin access is allowed, when the connection is local and the option for local admin isn't set. Con: All local connections get full access // admin access is allowed, when the connection is local and the option for local admin isn't set. Con: All local connections get full access
// authorization is also granted for api based on admin result. Pro: Admin should have full access.
if(_localConnection) if(_localConnection)
{ {
_userAuthorized = !_authManager->isLocalAdminAuthRequired(); _userAuthorized = !_authManager->isLocalAdminAuthRequired();
_authorized = _userAuthorized; // just in positive direction
if(_userAuthorized)
_authorized = true;
} }
// setup auth interface // setup auth interface