add api user role and fix api auth failure response

2018-12-31 19:30:41 +00:00
parent 1a038079bf
commit 4691808fa6
2 changed files with 13 additions and 1 deletions
--- a/lib/App/Netdisco/Web/AuthN.pm
+++ b/lib/App/Netdisco/Web/AuthN.pm
@@ -59,7 +59,16 @@ hook 'before' => sub {
 };

 get qr{^/(?:login(?:/denied)?)?} => sub {
-    template 'index', { return_url => param('return_url') };
+    if (param('return_url') and param('return_url') =~ m{^/api/}) {
+      status 403;
+      return to_json {
+        error => 'not authorized',
+        return_url => param('return_url'),
+      };
+    }
+    else {
+      template 'index', { return_url => param('return_url') };
+    }
 };

 # override default login_handler so we can log access in the database