studio/tuwunel
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Guard admin assignment/removal against empty filter

Browse Source
This commit is contained in:
KuhnChris
2026-01-08 23:09:18 +01:00
committed by Jason Volk
parent 5e532593fa
commit 76c09851ea
1 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/api/client/session/ldap.rs
View File

@@ -60,22 +60,25 @@ pub(super) async fn ldap_login(
.await?; .await?;
} }
let is_tuwunel_admin = services // only perform admin add/remove check if admin_filter is set
.admin if !services.config.ldap.admin_filter.is_empty() {
.user_is_admin(lowercased_user_id) let is_tuwunel_admin = services
.await; .admin
.user_is_admin(lowercased_user_id)
.await;
if is_ldap_admin && !is_tuwunel_admin { if is_ldap_admin && !is_tuwunel_admin {
services services
.admin .admin
.make_user_admin(lowercased_user_id) .make_user_admin(lowercased_user_id)
.boxed() .boxed()
.await?; .await?;
} else if !is_ldap_admin && is_tuwunel_admin { } else if !is_ldap_admin && is_tuwunel_admin {
services services
.admin .admin
.revoke_admin(lowercased_user_id) .revoke_admin(lowercased_user_id)
.await?; .await?;
}
} }
Ok(user_id) Ok(user_id)