From a5187be8a69ed71d5b404f2ec7026b7fa2852d4e Mon Sep 17 00:00:00 2001
From: Quaternions <krakow20@gmail.com>
Date: Mon, 30 Jun 2025 02:42:19 -0700
Subject: [PATCH] submissions: check role for map location

---
 pkg/service/maps.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkg/service/maps.go b/pkg/service/maps.go
index 40ea3de..9350424 100644
--- a/pkg/service/maps.go
+++ b/pkg/service/maps.go
@@ -80,6 +80,20 @@ func (svc *Service) GetMap(ctx context.Context, params api.GetMapParams) (*api.M
 //
 // GET /maps/{MapID}/location
 func (svc *Service) GetMapAssetLocation(ctx context.Context, params api.GetMapAssetLocationParams) (ok api.GetMapAssetLocationOK, err error) {
+	userInfo, success := ctx.Value("UserInfo").(UserInfoHandle)
+	if !success {
+		return ok, ErrUserInfo
+	}
+
+	has_role, err := userInfo.HasRoleMapDownload()
+	if err != nil {
+		return ok, err
+	}
+
+	if !has_role {
+		return ok, ErrPermissionDeniedNeedRoleMapDownload
+	}
+
 	// Ensure map exists in the db!
 	// This could otherwise be used to access any asset
 	_, err = svc.Maps.Get(ctx, &maps.IdMessage{
-- 
2.49.1