code reorganization+docstrings

2024-11-25 18:54:29 +01:00 · 2015-07-13 10:08:47 +02:00 · 2015-07-13 10:08:47 +02:00 · 0a4164c8b5
commit 0a4164c8b5
parent 11064322db
1 changed files with 31 additions and 13 deletions
--- a/ldapcherry/init.py
+++ b/ldapcherry/init.py
@ -408,16 +408,6 @@ class LdapCherry(object):
        self.temp_modify = \
            self.temp_lookup.get_template('modify.tmpl')

-        self._init_auth(config)
-
-        self.attributes_file = \
-            self._get_param('attributes', 'attributes.file', config)
-        cherrypy.log.error(
-            msg="loading attributes file '%(file)s'" %
-                {'file': self.attributes_file},
-            severity=logging.DEBUG
-        )
-
    def reload(self, config=None):
        """ load/reload configuration
        @dict: configuration of ldapcherry
@ -442,6 +432,18 @@ class LdapCherry(object):
            # load template files
            self._load_templates(config)

+            # loading the auth configuration
+            self._init_auth(config)
+
+            # Loading the attributes
+            self.attributes_file = \
+                self._get_param('attributes', 'attributes.file', config)
+            cherrypy.log.error(
+                msg="loading attributes file '%(file)s'" %
+                    {'file': self.attributes_file},
+                severity=logging.DEBUG
+            )
+
            self.attributes = Attributes(self.attributes_file)

            cherrypy.log.error(
@ -450,14 +452,15 @@ class LdapCherry(object):
            )
            self._init_backends(config)
            self._check_backends()
+
+            # loading the ppolicy
+            self._init_ppolicy(config)
+
            cherrypy.log.error(
                msg="application started",
                severity=logging.INFO
            )

-            # loading the ppolicy
-            self._init_ppolicy(config)
-
        except Exception as e:
            self._handle_exception(e)
            cherrypy.log.error(
@ -532,11 +535,23 @@ class LdapCherry(object):
        return ret

    def _check_admin(self):
+        """ check in the session database if current user
+        is an ldapcherry administrator
+        @rtype: boolean, True if administrator, False otherwise
+        """
        if self.auth_mode == 'none':
            return True
        return cherrypy.session['isadmin']

    def _check_auth(self, must_admin):
+        """ check if a user is autheticated and, optionnaly an administrator
+        if user not authentifaced -> redirection to login page (with base64
+            of the originaly requested page (redirection after login)
+        if user authenticated, not admin and must_admin enabled -> 403 error
+        @boolean must_admin: flag "user must be an administrator to access
+            this page"
+        @rtype str: login of the user
+        """
        if self.auth_mode == 'none':
            return 'anonymous'
        username = cherrypy.session.get(SESSION_KEY)
@ -545,8 +560,10 @@ class LdapCherry(object):
            qs = ''
        else:
            qs = '?' + cherrypy.request.query_string
+        # base64 of the requested URL
        b64requrl = base64.b64encode(cherrypy.url() + qs)
        if not username:
+            # return to login page (with base64 of the url in query string
            raise cherrypy.HTTPRedirect(
                "/signin?url=%(url)s" % {'url': b64requrl},
                )
@ -559,6 +576,7 @@ class LdapCherry(object):
        if cherrypy.session['connected'] and \
                not cherrypy.session['isadmin']:
            if must_admin:
+                # user is not an administrator, so he gets 403 Forbidden
                raise cherrypy.HTTPError(
                    "403 Forbidden",
                    "You are not allowed to access this resource.",