From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 3 May 2023 16:25:52 +0000 (+0000)
Subject: jobs: Use a simpler permission check for control connections
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=80657eba21e2618aef49cb7c185dafda5900bad5;p=pbs.git

jobs: Use a simpler permission check for control connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/web/jobs.py b/src/web/jobs.py
index e4d6d3ac..19eecf21 100644
--- a/src/web/jobs.py
+++ b/src/web/jobs.py
@@ -25,10 +25,10 @@ class APIv1ControlHandler(base.APIMixin, tornado.websocket.WebSocketHandler):
 		if not self.job:
 			raise tornado.web.HTTPError(404, "Could not find job %s" % job_id)
 
-		# Check if the builder matches
-		if not self.current_user == self.job.builder:
-			raise tornado.web.HTTPError(403, "Job %s belongs to %s, not %s" % \
-				(self.job, self.job.builder, self.current_user))
+		# Check permissions
+		if not self.job.has_perm(self.current_user):
+			raise tornado.web.HTTPError(403, "%s cannot control job %s" \
+				% (self.current_user, self.job))
 
 		# Consider the job connected
 		self.job.connected(self)