1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package com.linecorp.centraldogma.server.internal.api.auth;
18
19 import java.util.function.Function;
20
21 import com.linecorp.armeria.common.HttpRequest;
22 import com.linecorp.armeria.common.HttpResponse;
23 import com.linecorp.armeria.common.HttpStatus;
24 import com.linecorp.armeria.server.HttpService;
25 import com.linecorp.armeria.server.ServiceRequestContext;
26 import com.linecorp.armeria.server.SimpleDecoratingHttpService;
27 import com.linecorp.armeria.server.annotation.Decorator;
28 import com.linecorp.armeria.server.annotation.DecoratorFactoryFunction;
29 import com.linecorp.centraldogma.server.internal.admin.auth.AuthUtil;
30 import com.linecorp.centraldogma.server.internal.api.HttpApiUtil;
31 import com.linecorp.centraldogma.server.metadata.User;
32
33
34
35
36 public final class RequiresAdministratorDecorator extends SimpleDecoratingHttpService {
37
38 RequiresAdministratorDecorator(HttpService delegate) {
39 super(delegate);
40 }
41
42 @Override
43 public HttpResponse serve(ServiceRequestContext ctx, HttpRequest req) throws Exception {
44 final User user = AuthUtil.currentUser(ctx);
45 if (user.isAdmin()) {
46 return unwrap().serve(ctx, req);
47 }
48 return HttpApiUtil.throwResponse(
49 ctx, HttpStatus.FORBIDDEN,
50 "You must be an administrator to perform this operation.");
51 }
52
53
54
55
56 public static final class RequiresAdministratorDecoratorFactory
57 implements DecoratorFactoryFunction<RequiresAdministrator> {
58 @Override
59 public Function<? super HttpService, ? extends HttpService>
60 newDecorator(RequiresAdministrator parameter) {
61 return RequiresAdministratorDecorator::new;
62 }
63 }
64 }