set http status 403 if user is not admin, set status 500 for some other errors

This commit is contained in:
Uwe Steinmann 2020-06-16 12:12:50 +02:00
parent 1ba42deef1
commit b97387ecb1


@ -1414,10 +1414,10 @@ function checkIfAdmin($request, $response) { /* {{{ */
global $dms, $userobj;
if(!$userobj) {
return $response->withJson(array('success'=>false, 'message'=>'Not logged in', 'data'=>''), 200);
return $response->withJson(array('success'=>false, 'message'=>'Not logged in', 'data'=>''), 403);
}
if(!$userobj->isAdmin()) {
return $response->withJson(array('success'=>false, 'message'=>'You must be logged in with an administrator account to access this resource', 'data'=>''), 200);
return $response->withJson(array('success'=>false, 'message'=>'You must be logged in with an administrator account to access this resource', 'data'=>''), 403);
}
return true;
@ -1679,7 +1679,7 @@ function changeGroupMembership($request, $response, $args, $operationType) { /*
{
$message = 'Could not remove user from group.';
}
return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''), 200);
return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''), 500);
}
$data = __getGroupData($group);
@ -1847,7 +1847,7 @@ function changeFolderAccess($request, $response, $args, $operationType, $userOrG
{
$message = 'Could not remove user/group access from this folder.';
}
return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''), 200);
return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. ' . $message, 'data'=>''), 500);
}
$data = array();
@ -2028,7 +2028,7 @@ function clearFolderAccessList($request, $response, $args) { /* {{{ */
return $response->withStatus(404);
}
if (!$folder->clearAccessList()) {
return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. Could not clear access list for this folder.', 'data'=>''), 200);
return $response->withJson(array('success'=>false, 'message'=>'Something went wrong. Could not clear access list for this folder.', 'data'=>''), 500);
}
return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>''), 200);
} /* }}} */
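Review bot: In the checkIfAdmin hunk the "Not logged in" branch now answers 403, but that case is an authentication failure rather than an authorization one, so `return $response->withJson(array('success'=>false, 'message'=>'Not logged in', 'data'=>''), 401);` would let API clients distinguish "obtain a session" from "this account may not do that"; the later `isAdmin()` check is the genuine 403. The function's closing brace lies outside the hunk, and the helper still mixes a `true` return with a Response object, so every caller must test `=== true` — a short comment above the `global` line stating that contract would help, e.g. `// returns true when the caller is an admin, otherwise a JSON 401/403 Response`. In the changeGroupMembership and changeFolderAccess hunks the new 500 is attached to messages such as "Could not remove user from group", which presumably can also arise from a client precondition (user not in the group) rather than a server fault; if that is the case those paths would be better served by a 4xx code, but that is not decidable from the visible lines.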