allow api key in header when no master-key is set; fix #515

This commit is contained in:
qdequele 2020-03-10 15:40:44 +01:00
parent ef3bcd65ab
commit 8204d961de
No known key found for this signature in database
GPG Key ID: B3F0A000EBF11745

View File

@ -20,6 +20,10 @@ impl RequestExt for Request<Data> {
fn is_allowed(&self, acl: ACL) -> SResult<()> { fn is_allowed(&self, acl: ACL) -> SResult<()> {
let user_api_key = self.header("X-Meili-API-Key"); let user_api_key = self.header("X-Meili-API-Key");
if self.state().api_keys.master.is_none() {
return Ok(())
}
match acl { match acl {
ACL::Admin => { ACL::Admin => {
if user_api_key == self.state().api_keys.master.as_deref() { if user_api_key == self.state().api_keys.master.as_deref() {