Upstream/harbor
1
0
Fork 0
mirror of https://github.com/goharbor/harbor.git synced 2024-11-26 20:26:13 +01:00
Code Issues Projects Releases Wiki Activity

Merge pull request #804 from reasonerjt/dev

Browse Source 
fix #801, add permission check before filtering access log of a project.
This commit is contained in:
Daniel Jiang 2016-09-14 16:05:10 +08:00 committed by GitHub
commit 1c216d902a
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/project.go
View File

@ -338,6 +338,11 @@ func (p *ProjectAPI) FilterAccessLog() {
var query models.AccessLog var query models.AccessLog
p.DecodeJSONReq(&query) p.DecodeJSONReq(&query)
if !checkProjectPermission(p.userID, p.projectID) {
log.Warningf("Current user, user id: %d does not have permission to read accesslog of project, id: %d", p.userID, p.projectID)
p.RenderError(http.StatusForbidden, "")
return
}
query.ProjectID = p.projectID query.ProjectID = p.projectID
query.BeginTime = time.Unix(query.BeginTimestamp, 0) query.BeginTime = time.Unix(query.BeginTimestamp, 0)
query.EndTime = time.Unix(query.EndTimestamp, 0) query.EndTime = time.Unix(query.EndTimestamp, 0)