improve permissions system

httpd.go

@@ -26,13 +26,13 @@ type jsonInputParams struct {
 }
 
 type HttpServer struct {
-	Port          string
-	ovpn          *OpenVpnMgt
-	key           string
-	cert          string
-	minProfile    string
-	neededProfile string
-	certPool      *x509.CertPool
+	Port           string
+	ovpn           *OpenVpnMgt
+	key            string
+	cert           string
+	minProfile     string
+	neededProfiles []string
+	certPool       *x509.CertPool
 }
 
 func parseJsonQuery(r *http.Request) (*jsonInput, error) {
@@ -119,9 +119,9 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	webuser := strings.Replace(r.TLS.PeerCertificates[0].Subject.CommonName, " ", "", -1)
-	profile, _, _ := h.ovpn.AuthLoop(h.minProfile, webuser, "", false)
-	if profile != h.neededProfile {
-		http.Error(w, fmt.Sprintf("You need the %s profile", h.neededProfile), 403)
+	_, _, _, profilePath := h.ovpn.AuthLoop(h.minProfile, webuser, "", false)
+	if inArray(h.neededProfiles, profilePath) {
+		http.Error(w, fmt.Sprintf("You need on of %s profile", h.neededProfiles), 403)
 		return
 	}
 	log.Printf("%s is connected via the web interfaces\n", webuser)
@@ -152,14 +152,14 @@ func (h *HttpServer) ajaxHandler(w http.ResponseWriter, r *http.Request) {
 	return
 }
 
-func NewHTTPServer(port, key, cert, ca, minProfile, neededProfile string, s *OpenVpnMgt) {
+func NewHTTPServer(port, key, cert, ca, minProfile string, neededProfiles []string, s *OpenVpnMgt) {
 	h := &HttpServer{
-		Port:          port,
-		ovpn:          s,
-		key:           key,
-		cert:          cert,
-		minProfile:    minProfile,
-		neededProfile: neededProfile,
+		Port:           port,
+		ovpn:           s,
+		key:            key,
+		cert:           cert,
+		minProfile:     minProfile,
+		neededProfiles: neededProfiles,
 	}
 
 	http.HandleFunc("/help", h.helpHandler)