Changed permission check to requested namespace

Original code checked to see if the user had submit-job on the default namespace.

Changed permission check to requested namespace
Original code checked to see if the user had submit-job on the default namespace.
eca6f857 · Charlie Voiselle · 13d3a662 · eca6f857
Commit eca6f857 authored 7 years ago by Charlie Voiselle
Hide whitespace changes
Inline Side-by-side

Showing

with 2 additions and 2 deletions
+2 -2
--- a/nomad/job_endpoint.go
+++ b/nomad/job_endpoint.go
@@ -1023,12 +1023,12 @@ func (j *Job) Plan(args *structs.JobPlanRequest, reply *structs.JobPlanResponse)
 	if aclObj, err := j.srv.ResolveToken(args.AuthToken); err != nil {
 		return err
 	} else if aclObj != nil {
-		if !aclObj.AllowNsOp(structs.DefaultNamespace, acl.NamespaceCapabilitySubmitJob) {
+		if !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySubmitJob) {
 			return structs.ErrPermissionDenied
 		}
 		// Check if override is set and we do not have permissions
 		if args.PolicyOverride {
-			if !aclObj.AllowNsOp(structs.DefaultNamespace, acl.NamespaceCapabilitySentinelOverride) {
+			if !aclObj.AllowNsOp(args.RequestNamespace(), acl.NamespaceCapabilitySentinelOverride) {
 				return structs.ErrPermissionDenied
 			}
 		}