Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Open sidebar
ai3
accountserver
Commits
0cfa506b
Commit
0cfa506b
authored
Oct 27, 2018
by
ale
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Log unauthorized access to a different user
parent
4e9a202b
Pipeline
#1403
passed with stages
in 1 minute and 41 seconds
Changes
1
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
1 addition
and
0 deletions
+1
-0
service.go
service.go
+1
-0
No files found.
service.go
View file @
0cfa506b
...
...
@@ -230,6 +230,7 @@ func (s *authService) authorizeUser(ctx context.Context, tx TX, req RequestBase)
// Requests are allowed if the SSO ticket corresponds to an admin, or if
// it identifies the same user that we're querying.
if
!
s
.
isAdmin
(
tkt
)
&&
tkt
.
User
!=
req
.
Username
{
log
.
Printf
(
"unauthorized access from user %s to user %s"
,
tkt
.
User
,
req
.
Username
)
return
nil
,
nil
,
ErrUnauthorized
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment