Check permissions when performing websocket actions

2020-04-06 21:03:39 -07:00
parent 3edcd5f9c3
commit 45d441ac32
4 changed files with 40 additions and 20 deletions
--- a/router/tokens/websocket.go
+++ b/router/tokens/websocket.go
@@ -3,6 +3,7 @@ package tokens
 import (
 	"encoding/json"
 	"github.com/gbrlsnchs/jwt/v3"
+	"strings"
 )

 type WebsocketPayload struct {
@@ -20,7 +21,7 @@ func (p *WebsocketPayload) GetPayload() *jwt.Payload {
 // Checks if the given token payload has a permission string.
 func (p *WebsocketPayload) HasPermission(permission string) bool {
 	for _, k := range p.Permissions {
-		if k == permission {
+		if k == permission || (!strings.HasPrefix(permission, "admin") && k == "*") {
 			return true
 		}
 	}