jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

lock the admin domain based on the edition

Browse Source
This commit is contained in:
Girish Ramakrishnan
2018-09-05 22:58:43 -07:00
parent 91a1bc7a01
commit 8d5e70f6aa
4 changed files with 32 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/server.js
View File

@@ -103,6 +103,7 @@ function initializeExpressSync() {
var appstoreScope = routes.accesscontrol.scope(accesscontrol.SCOPE_APPSTORE);
const verifyOperator = routes.accesscontrol.verifyOperator;
const verifyDomainLock = routes.domains.verifyDomainLock;
// csrf protection
var csrf = routes.oauth2.csrf();
@@ -272,9 +273,9 @@ function initializeExpressSync() {
// domain routes
router.post('/api/v1/domains', domainsManageScope, routes.domains.add);
router.get ('/api/v1/domains', domainsReadScope, routes.domains.getAll);
router.get ('/api/v1/domains/:domain', domainsManageScope, routes.domains.get); // this is manage scope because it returns non-restricted fields
router.put ('/api/v1/domains/:domain', domainsManageScope, routes.domains.update);
router.del ('/api/v1/domains/:domain', domainsManageScope, routes.users.verifyPassword, routes.domains.del);
router.get ('/api/v1/domains/:domain', domainsManageScope, verifyDomainLock, routes.domains.get); // this is manage scope because it returns non-restricted fields
router.put ('/api/v1/domains/:domain', domainsManageScope, verifyDomainLock, routes.domains.update);
router.del ('/api/v1/domains/:domain', domainsManageScope, verifyDomainLock, routes.users.verifyPassword, routes.domains.del);
// caas routes
router.get('/api/v1/caas/config', cloudronScope, routes.caas.getConfig);