mirrors
/
lldap
mirror of https://github.com/lldap/lldap.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

server: Disallow deleting hardcoded attributes

This commit is contained in:
Valentin Tolmer 2023-11-05 16:06:26 +01:00 committed by nitnelave
parent 829c3f2bb1
commit 4f72153bd4
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
server/src/infra/graphql/mutation.rs
View File

@ -433,6 +433,15 @@ impl<Handler: BackendHandler> Mutation<Handler> {
&span,
"Unauthorized attribute deletion",
))?;
let schema = handler.get_schema().await?;
let attribute_schema = schema
.get_schema()
.user_attributes
.get_attribute_schema(&name)
.ok_or_else(|| anyhow!("Attribute {} is not defined in the schema", name))?;
if attribute_schema.is_hardcoded {
return Err(anyhow!("Permission denied: Attribute {} cannot be deleted", name).into());
}
handler
.delete_user_attribute(&name)
.instrument(span)
@ -454,6 +463,15 @@ impl<Handler: BackendHandler> Mutation<Handler> {
&span,
"Unauthorized attribute deletion",
))?;
let schema = handler.get_schema().await?;
let attribute_schema = schema
.get_schema()
.group_attributes
.get_attribute_schema(&name)
.ok_or_else(|| anyhow!("Attribute {} is not defined in the schema", name))?;
if attribute_schema.is_hardcoded {
return Err(anyhow!("Permission denied: Attribute {} cannot be deleted", name).into());
}
handler
.delete_group_attribute(&name)
.instrument(span)