feat(api): prevent non administrator users to use admin restricted API endpoints (#3227)

2019-10-07 16:10:51 +13:00
parent 1fbe6a12f1
commit f7480c4ad4
21 changed files with 118 additions and 93 deletions
--- a/api/http/handler/websocket/handler.go
+++ b/api/http/handler/websocket/handler.go
@@ -26,8 +26,8 @@ func NewHandler(bouncer *security.RequestBouncer) *Handler {
 		requestBouncer:     bouncer,
 	}
 	h.PathPrefix("/websocket/exec").Handler(
-		bouncer.RestrictedAccess(httperror.LoggerHandler(h.websocketExec)))
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.websocketExec)))
 	h.PathPrefix("/websocket/attach").Handler(
-		bouncer.RestrictedAccess(httperror.LoggerHandler(h.websocketAttach)))
+		bouncer.AuthenticatedAccess(httperror.LoggerHandler(h.websocketAttach)))
 	return h
 }