1
0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-29 04:34:30 +01:00

code reorganization+docstrings

This commit is contained in:
kakwa 2015-07-13 10:08:47 +02:00
parent 11064322db
commit 0a4164c8b5

View File

@ -408,16 +408,6 @@ class LdapCherry(object):
self.temp_modify = \ self.temp_modify = \
self.temp_lookup.get_template('modify.tmpl') self.temp_lookup.get_template('modify.tmpl')
self._init_auth(config)
self.attributes_file = \
self._get_param('attributes', 'attributes.file', config)
cherrypy.log.error(
msg="loading attributes file '%(file)s'" %
{'file': self.attributes_file},
severity=logging.DEBUG
)
def reload(self, config=None): def reload(self, config=None):
""" load/reload configuration """ load/reload configuration
@dict: configuration of ldapcherry @dict: configuration of ldapcherry
@ -442,6 +432,18 @@ class LdapCherry(object):
# load template files # load template files
self._load_templates(config) self._load_templates(config)
# loading the auth configuration
self._init_auth(config)
# Loading the attributes
self.attributes_file = \
self._get_param('attributes', 'attributes.file', config)
cherrypy.log.error(
msg="loading attributes file '%(file)s'" %
{'file': self.attributes_file},
severity=logging.DEBUG
)
self.attributes = Attributes(self.attributes_file) self.attributes = Attributes(self.attributes_file)
cherrypy.log.error( cherrypy.log.error(
@ -450,14 +452,15 @@ class LdapCherry(object):
) )
self._init_backends(config) self._init_backends(config)
self._check_backends() self._check_backends()
# loading the ppolicy
self._init_ppolicy(config)
cherrypy.log.error( cherrypy.log.error(
msg="application started", msg="application started",
severity=logging.INFO severity=logging.INFO
) )
# loading the ppolicy
self._init_ppolicy(config)
except Exception as e: except Exception as e:
self._handle_exception(e) self._handle_exception(e)
cherrypy.log.error( cherrypy.log.error(
@ -532,11 +535,23 @@ class LdapCherry(object):
return ret return ret
def _check_admin(self): def _check_admin(self):
""" check in the session database if current user
is an ldapcherry administrator
@rtype: boolean, True if administrator, False otherwise
"""
if self.auth_mode == 'none': if self.auth_mode == 'none':
return True return True
return cherrypy.session['isadmin'] return cherrypy.session['isadmin']
def _check_auth(self, must_admin): def _check_auth(self, must_admin):
""" check if a user is autheticated and, optionnaly an administrator
if user not authentifaced -> redirection to login page (with base64
of the originaly requested page (redirection after login)
if user authenticated, not admin and must_admin enabled -> 403 error
@boolean must_admin: flag "user must be an administrator to access
this page"
@rtype str: login of the user
"""
if self.auth_mode == 'none': if self.auth_mode == 'none':
return 'anonymous' return 'anonymous'
username = cherrypy.session.get(SESSION_KEY) username = cherrypy.session.get(SESSION_KEY)
@ -545,8 +560,10 @@ class LdapCherry(object):
qs = '' qs = ''
else: else:
qs = '?' + cherrypy.request.query_string qs = '?' + cherrypy.request.query_string
# base64 of the requested URL
b64requrl = base64.b64encode(cherrypy.url() + qs) b64requrl = base64.b64encode(cherrypy.url() + qs)
if not username: if not username:
# return to login page (with base64 of the url in query string
raise cherrypy.HTTPRedirect( raise cherrypy.HTTPRedirect(
"/signin?url=%(url)s" % {'url': b64requrl}, "/signin?url=%(url)s" % {'url': b64requrl},
) )
@ -559,6 +576,7 @@ class LdapCherry(object):
if cherrypy.session['connected'] and \ if cherrypy.session['connected'] and \
not cherrypy.session['isadmin']: not cherrypy.session['isadmin']:
if must_admin: if must_admin:
# user is not an administrator, so he gets 403 Forbidden
raise cherrypy.HTTPError( raise cherrypy.HTTPError(
"403 Forbidden", "403 Forbidden",
"You are not allowed to access this resource.", "You are not allowed to access this resource.",