mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-25 18:54:29 +01:00
implementing access controle methods
parent
bbb4ec4117
commit
0ae234383a
@ -361,6 +361,21 @@ class LdapCherry(object):
|
|||||||
message = 'Example warning'
|
message = 'Example warning'
|
||||||
return render_error(alert, message)
|
return render_error(alert, message)
|
||||||
|
|
||||||
|
def _check_auth(self, must_admin):
|
||||||
|
if not 'connected' in cherrypy.session or not cherrypy.session['connected']:
|
||||||
|
raise cherrypy.HTTPRedirect("/signin")
|
||||||
|
if cherrypy.session['connected'] and \
|
||||||
|
not cherrypy.session['isadmin']:
|
||||||
|
if must_admin:
|
||||||
|
raise cherrypy.HTTPError("403 Forbidden", "You are not allowed to access this resource.")
|
||||||
|
else:
|
||||||
|
return
|
||||||
|
if cherrypy.session['connected'] and \
|
||||||
|
cherrypy.session['isadmin']:
|
||||||
|
return
|
||||||
|
else:
|
||||||
|
raise cherrypy.HTTPRedirect("/signin")
|
||||||
|
|
||||||
@cherrypy.expose
|
@cherrypy.expose
|
||||||
def signin(self):
|
def signin(self):
|
||||||
"""simple signin page
|
"""simple signin page
|
||||||
@ -372,6 +387,9 @@ class LdapCherry(object):
|
|||||||
"""login page
|
"""login page
|
||||||
"""
|
"""
|
||||||
auth = self._auth(login, password)
|
auth = self._auth(login, password)
|
||||||
|
cherrypy.session['isadmin'] = auth['isadmin']
|
||||||
|
cherrypy.session['connected'] = auth['connected']
|
||||||
|
|
||||||
if auth['connected']:
|
if auth['connected']:
|
||||||
message = "login success for user '%(user)s'" % {
|
message = "login success for user '%(user)s'" % {
|
||||||
'user': login
|
'user': login
|
||||||
@ -381,7 +399,6 @@ class LdapCherry(object):
|
|||||||
severity = logging.INFO
|
severity = logging.INFO
|
||||||
)
|
)
|
||||||
cherrypy.session[SESSION_KEY] = cherrypy.request.login = login
|
cherrypy.session[SESSION_KEY] = cherrypy.request.login = login
|
||||||
cherrypy.session['isadmin'] = auth['isadmin']
|
|
||||||
raise cherrypy.HTTPRedirect("/")
|
raise cherrypy.HTTPRedirect("/")
|
||||||
else:
|
else:
|
||||||
message = "login failed for user '%(user)s'" % {
|
message = "login failed for user '%(user)s'" % {
|
||||||
@ -405,36 +422,41 @@ class LdapCherry(object):
|
|||||||
msg = message,
|
msg = message,
|
||||||
severity = logging.INFO
|
severity = logging.INFO
|
||||||
)
|
)
|
||||||
|
|
||||||
raise cherrypy.HTTPRedirect("/signin")
|
raise cherrypy.HTTPRedirect("/signin")
|
||||||
|
|
||||||
@cherrypy.expose
|
@cherrypy.expose
|
||||||
def index(self, **params):
|
def index(self, **params):
|
||||||
"""main page rendering
|
"""main page rendering
|
||||||
"""
|
"""
|
||||||
|
self._check_auth(must_admin=False)
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@cherrypy.expose
|
@cherrypy.expose
|
||||||
def searchuser(self):
|
def searchuser(self):
|
||||||
""" search user page """
|
""" search user page """
|
||||||
|
self._check_auth(must_admin=True)
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@cherrypy.expose
|
@cherrypy.expose
|
||||||
def adduser(self):
|
def adduser(self):
|
||||||
""" add user page """
|
""" add user page """
|
||||||
|
self._check_auth(must_admin=True)
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@cherrypy.expose
|
@cherrypy.expose
|
||||||
def removeuser(self):
|
def removeuser(self):
|
||||||
""" remove user page """
|
""" remove user page """
|
||||||
|
self._check_auth(must_admin=True)
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@cherrypy.expose
|
@cherrypy.expose
|
||||||
def modifyuser(self):
|
def modifyuser(self):
|
||||||
""" modify user page """
|
""" modify user page """
|
||||||
|
self._check_auth(must_admin=True)
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@cherrypy.expose
|
@cherrypy.expose
|
||||||
def modifyself(self):
|
def modifyself(self):
|
||||||
""" self modify user page """
|
""" self modify user page """
|
||||||
|
self._check_auth(must_admin=False)
|
||||||
pass
|
pass
|
||||||
|
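Review bot: `_check_auth` indexes `cherrypy.session['isadmin']` directly, so a session that has `connected` but no `isadmin` key fails with a KeyError (a 500) rather than a clean denial. Its final `else: raise cherrypy.HTTPRedirect("/signin")` cannot be reached once the first guard has passed. The whole body reduces to two guards that fail closed: `if not cherrypy.session.get('connected'):` followed by the redirect, then `if must_admin and not cherrypy.session.get('isadmin'):` followed by the 403. Because each exposed handler has to call `_check_auth` itself, a handler added later without the call is left open; a short comment on the method stating that every `@cherrypy.expose` handler except the sign-in pages must call it would make that contract visible. In the login hunk the role flags are written into the pre-login session; the function body runs outside the visible hunks, so if the session id is not rotated there, calling `cherrypy.session.regenerate()` on a successful login would guard against session fixation.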