Allow accessing `_api/cluser/endpoints` as authenticated user via the `_system` database. (#7342)

2018-11-16 10:03:14 +01:00 · 2018-11-16 10:03:14 +01:00 · a03528b7a2
parent 447ab7bce5
commit a03528b7a2
1 changed files with 10 additions and 5 deletions
--- a/arangod/GeneralServer/GeneralCommTask.cpp
+++ b/arangod/GeneralServer/GeneralCommTask.cpp
@ -492,8 +492,9 @@ rest::ResponseCode GeneralCommTask::canAccessPath(

  std::string const& path = request.requestPath();
  std::string const& username = request.user();
+  bool userAuthenticated = request.authenticated();

-  rest::ResponseCode result = request.authenticated()
+  rest::ResponseCode result = userAuthenticated
                                  ? rest::ResponseCode::OK
                                  : rest::ResponseCode::UNAUTHORIZED;

@ -505,7 +506,7 @@ rest::ResponseCode GeneralCommTask::canAccessPath(
    result = rest::ResponseCode::UNAUTHORIZED;
    LOG_TOPIC(TRACE, Logger::AUTHORIZATION) << "Access forbidden to " << path;

-    if (request.authenticated()) {
+    if (userAuthenticated) {
      request.setAuthenticated(false);
    }
  }
@ -552,6 +553,10 @@ rest::ResponseCode GeneralCommTask::canAccessPath(
        // req.user when it could be validated
        result = rest::ResponseCode::OK;
        vc->forceSuperuser();
+      } else if (userAuthenticated && path == "/_api/cluster/endpoints") {
+        // allow authenticated users to access cluster/endpoints
+        result = rest::ResponseCode::OK;
+        //vc->forceReadOnly();
      } else if (request.requestType() == RequestType::POST &&
                 !username.empty() &&
                 StringUtils::isPrefix(path, ApiUser + username + '/')) {