@@ -441,6 +441,14 @@ func licenceAddHandler(w http.ResponseWriter, r *http.Request) {
441441 return
442442 }
443443
444+ // The "public" user isn't allowed to make changes
445+ if userAcc == "public" {
446+ log .Printf ("User from '%s' attempted to add a licence using the public certificate" , r .RemoteAddr )
447+ http .Error (w , "You're using the 'public' certificate, which isn't allowed to make changes on the server" ,
448+ http .StatusUnauthorized )
449+ return
450+ }
451+
444452 // Check whether the uploaded licence file is too large
445453 if r .ContentLength > (com .MaxLicenceSize * 1024 * 1024 ) {
446454 http .Error (w ,
@@ -675,6 +683,14 @@ func licenceRemoveHandler(w http.ResponseWriter, r *http.Request) {
675683 return
676684 }
677685
686+ // The "public" user isn't allowed to make changes
687+ if userAcc == "public" {
688+ log .Printf ("User from '%s' attempted to remove a licence using the public certificate" , r .RemoteAddr )
689+ http .Error (w , "You're using the 'public' certificate, which isn't allowed to make changes on the server" ,
690+ http .StatusUnauthorized )
691+ return
692+ }
693+
678694 // Make sure a licence short name was provided
679695 l := r .FormValue ("licence_id" )
680696 if l == "" {
@@ -826,6 +842,14 @@ func postHandler(w http.ResponseWriter, r *http.Request, userAcc string) {
826842 // Set the maximum accepted database size for uploading
827843 r .Body = http .MaxBytesReader (w , r .Body , com .MaxDatabaseSize * 1024 * 1024 )
828844
845+ // The "public" user isn't allowed to make changes
846+ if userAcc == "public" {
847+ log .Printf ("User from '%s' attempted to add a database using the public certificate" , r .RemoteAddr )
848+ http .Error (w , "You're using the 'public' certificate, which isn't allowed to make changes on the server" ,
849+ http .StatusUnauthorized )
850+ return
851+ }
852+
829853 // Split the request URL into path components
830854 pathStrings := strings .Split (r .URL .Path , "/" )
831855
0 commit comments