mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-25 02:34:31 +01:00
fix authentification and permission handling
This commit is contained in:
parent
c8ee1768d5
commit
5d93bdcbe9
@ -362,6 +362,10 @@ class LdapCherry(object):
|
|||||||
return render_error(alert, message)
|
return render_error(alert, message)
|
||||||
|
|
||||||
def _check_auth(self, must_admin):
|
def _check_auth(self, must_admin):
|
||||||
|
username = cherrypy.session.get(SESSION_KEY)
|
||||||
|
if not username:
|
||||||
|
raise cherrypy.HTTPRedirect("/signin")
|
||||||
|
|
||||||
if not 'connected' in cherrypy.session or not cherrypy.session['connected']:
|
if not 'connected' in cherrypy.session or not cherrypy.session['connected']:
|
||||||
raise cherrypy.HTTPRedirect("/signin")
|
raise cherrypy.HTTPRedirect("/signin")
|
||||||
if cherrypy.session['connected'] and \
|
if cherrypy.session['connected'] and \
|
||||||
@ -369,10 +373,10 @@ class LdapCherry(object):
|
|||||||
if must_admin:
|
if must_admin:
|
||||||
raise cherrypy.HTTPError("403 Forbidden", "You are not allowed to access this resource.")
|
raise cherrypy.HTTPError("403 Forbidden", "You are not allowed to access this resource.")
|
||||||
else:
|
else:
|
||||||
return
|
return username
|
||||||
if cherrypy.session['connected'] and \
|
if cherrypy.session['connected'] and \
|
||||||
cherrypy.session['isadmin']:
|
cherrypy.session['isadmin']:
|
||||||
return
|
return username
|
||||||
else:
|
else:
|
||||||
raise cherrypy.HTTPRedirect("/signin")
|
raise cherrypy.HTTPRedirect("/signin")
|
||||||
|
|
||||||
@ -391,9 +395,14 @@ class LdapCherry(object):
|
|||||||
cherrypy.session['connected'] = auth['connected']
|
cherrypy.session['connected'] = auth['connected']
|
||||||
|
|
||||||
if auth['connected']:
|
if auth['connected']:
|
||||||
message = "login success for user '%(user)s'" % {
|
if auth['isadmin']:
|
||||||
'user': login
|
message = "login success for user '%(user)s' as administrator" % {
|
||||||
}
|
'user': login
|
||||||
|
}
|
||||||
|
else:
|
||||||
|
message = "login success for user '%(user)s' as normal user" % {
|
||||||
|
'user': login
|
||||||
|
}
|
||||||
cherrypy.log.error(
|
cherrypy.log.error(
|
||||||
msg = message,
|
msg = message,
|
||||||
severity = logging.INFO
|
severity = logging.INFO
|
||||||
@ -434,7 +443,7 @@ class LdapCherry(object):
|
|||||||
"""main page rendering
|
"""main page rendering
|
||||||
"""
|
"""
|
||||||
self._check_auth(must_admin=False)
|
self._check_auth(must_admin=False)
|
||||||
pass
|
return self.temp_index.render()
|
||||||
|
|
||||||
@cherrypy.expose
|
@cherrypy.expose
|
||||||
def searchuser(self):
|
def searchuser(self):
|
||||||
|
Loading…
Reference in New Issue
Block a user