security-and-privacy/ldapcherry
security-and-privacy/ldapcherry
1
0
Fork 0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-22 09:24:21 +01:00
Code Releases Activity

implementing access controle methods

Browse Source
This commit is contained in:
kakwa 2015-05-28 00:57:15 +02:00
parent bbb4ec4117
commit 0ae234383a
1 changed files with 24 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
ldapcherry/__init__.py
View File

@ -361,6 +361,21 @@ class LdapCherry(object):
message = 'Example warning' message = 'Example warning'
return render_error(alert, message) return render_error(alert, message)
def _check_auth(self, must_admin):
if not 'connected' in cherrypy.session or not cherrypy.session['connected']:
raise cherrypy.HTTPRedirect("/signin")
if cherrypy.session['connected'] and \
not cherrypy.session['isadmin']:
if must_admin:
raise cherrypy.HTTPError("403 Forbidden", "You are not allowed to access this resource.")
else:
return
if cherrypy.session['connected'] and \
cherrypy.session['isadmin']:
return
else:
raise cherrypy.HTTPRedirect("/signin")
@cherrypy.expose @cherrypy.expose
def signin(self): def signin(self):
"""simple signin page """simple signin page
@ -372,6 +387,9 @@ class LdapCherry(object):
"""login page """login page
""" """
auth = self._auth(login, password) auth = self._auth(login, password)
cherrypy.session['isadmin'] = auth['isadmin']
cherrypy.session['connected'] = auth['connected']
if auth['connected']: if auth['connected']:
message = "login success for user '%(user)s'" % { message = "login success for user '%(user)s'" % {
'user': login 'user': login
@ -381,7 +399,6 @@ class LdapCherry(object):
severity = logging.INFO severity = logging.INFO
) )
cherrypy.session[SESSION_KEY] = cherrypy.request.login = login cherrypy.session[SESSION_KEY] = cherrypy.request.login = login
cherrypy.session['isadmin'] = auth['isadmin']
raise cherrypy.HTTPRedirect("/") raise cherrypy.HTTPRedirect("/")
else: else:
message = "login failed for user '%(user)s'" % { message = "login failed for user '%(user)s'" % {
@ -405,36 +422,41 @@ class LdapCherry(object):
msg = message, msg = message,
severity = logging.INFO severity = logging.INFO
) )
raise cherrypy.HTTPRedirect("/signin") raise cherrypy.HTTPRedirect("/signin")
@cherrypy.expose @cherrypy.expose
def index(self, **params): def index(self, **params):
"""main page rendering """main page rendering
""" """
self._check_auth(must_admin=False)
pass pass
@cherrypy.expose @cherrypy.expose
def searchuser(self): def searchuser(self):
""" search user page """ """ search user page """
self._check_auth(must_admin=True)
pass pass
@cherrypy.expose @cherrypy.expose
def adduser(self): def adduser(self):
""" add user page """ """ add user page """
self._check_auth(must_admin=True)
pass pass
@cherrypy.expose @cherrypy.expose
def removeuser(self): def removeuser(self):
""" remove user page """ """ remove user page """
self._check_auth(must_admin=True)
pass pass
@cherrypy.expose @cherrypy.expose
def modifyuser(self): def modifyuser(self):
""" modify user page """ """ modify user page """
self._check_auth(must_admin=True)
pass pass
@cherrypy.expose @cherrypy.expose
def modifyself(self): def modifyself(self):
""" self modify user page """ """ self modify user page """
self._check_auth(must_admin=False)
pass pass