- if effectiveMethod != "POST" || uuid != "" || remainder != "" ||
- *clusterId == "" || *clusterId == h.handler.Cluster.ClusterID {
+ if effectiveMethod != "POST" || uuid != "" || remainder != "" {
+ return false
+ }
+
+ // First make sure supplied token is valid.
+ creds := auth.NewCredentials()
+ creds.LoadTokensFromHTTPRequest(req)
+
+ currentUser, err := h.handler.validateAPItoken(req, creds.Tokens[0])
+ if err != nil {
+ httpserver.Error(w, err.Error(), http.StatusForbidden)
+ return true
+ }
+
+ if *clusterId == "" {
+ *clusterId = h.handler.Cluster.ClusterID
+ }
+
+ if strings.HasPrefix(currentUser.Authorization.UUID, h.handler.Cluster.ClusterID) &&
+ *clusterId == h.handler.Cluster.ClusterID {
+ // local user submitting container request to local cluster
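Review bot: `creds.Tokens[0]` is indexed without checking that the request carried any token. If `LoadTokensFromHTTPRequest` leaves `Tokens` empty for a request with no credentials (not visible here, so confirm), an unauthenticated POST would panic with an index-out-of-range error instead of receiving the 403. A guard before the `validateAPItoken` call would keep that case on the normal error path, for example `if len(creds.Tokens) == 0 { httpserver.Error(w, "Not logged in", http.StatusForbidden); return true }`. Separately, `err.Error()` is sent verbatim to the client; if `validateAPItoken` can return database or upstream errors, a generic message with the detail logged server-side would avoid leaking internals. The enclosing function and the body of the final `if` continue outside the visible hunk.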