auth: Check if the API is read-only on crypto keys methods
authorRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 17 Jul 2017 13:26:38 +0000 (15:26 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 17 Jul 2017 13:26:38 +0000 (15:26 +0200)
pdns/ws-auth.cc

index 5142fd9b043055ec4d62d5a50e0eccdb9e528031..45511220a70bbfc7378f5ebefc12a4c3053e6561 100644 (file)
@@ -952,13 +952,13 @@ static void apiZoneCryptokeys(HttpRequest *req, HttpResponse *resp) {
 
   if (req->method == "GET") {
     apiZoneCryptokeysGET(zonename, inquireKeyId, resp, &dk);
-  } else if (req->method == "DELETE") {
+  } else if (req->method == "DELETE" && !::arg().mustDo("api-readonly")) {
     if (inquireKeyId == -1)
       throw HttpBadRequestException();
     apiZoneCryptokeysDELETE(zonename, inquireKeyId, req, resp, &dk);
-  } else if (req->method == "POST") {
+  } else if (req->method == "POST" && !::arg().mustDo("api-readonly")) {
     apiZoneCryptokeysPOST(zonename, req, resp, &dk);
-  } else if (req->method == "PUT") {
+  } else if (req->method == "PUT" && !::arg().mustDo("api-readonly")) {
     if (inquireKeyId == -1)
       throw HttpBadRequestException();
     apiZoneCryptokeysPUT(zonename, inquireKeyId, req, resp, &dk);
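Review bot: The read-only check is repeated inside each of the three mutating conditions (`DELETE`, `POST`, `PUT`), so the protection is per-verb and fails open: a mutating branch added to this chain later stays writable in read-only mode unless its author remembers to append `!::arg().mustDo("api-readonly")`. A single deny-by-default guard ahead of the dispatch would be safer, e.g. `if (req->method != "GET" && ::arg().mustDo("api-readonly")) throw HttpMethodNotAllowedException();`, leaving the three conditions as plain method comparisons. As written, a blocked request falls through to the chain's final branch, which is outside this hunk, so the client presumably gets the same response as for an unsupported method and cannot tell that the API is read-only; a short comment stating that this is intended would help. apiZoneCryptokeys starts and ends outside the hunk.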