mirror of https://github.com/kakwa/ldapcherry synced 2024-11-25 02:34:31 +01:00

fix authentification and permission handling

kakwa 2015-05-30 21:33:44 +02:00
parent c8ee1768d5
commit 5d93bdcbe9


@ -362,6 +362,10 @@ class LdapCherry(object):
return render_error(alert, message) return render_error(alert, message)
def _check_auth(self, must_admin): def _check_auth(self, must_admin):
username = cherrypy.session.get(SESSION_KEY)
if not username:
raise cherrypy.HTTPRedirect("/signin")
if not 'connected' in cherrypy.session or not cherrypy.session['connected']: if not 'connected' in cherrypy.session or not cherrypy.session['connected']:
raise cherrypy.HTTPRedirect("/signin") raise cherrypy.HTTPRedirect("/signin")
if cherrypy.session['connected'] and \ if cherrypy.session['connected'] and \
@ -369,10 +373,10 @@ class LdapCherry(object):
if must_admin: if must_admin:
raise cherrypy.HTTPError("403 Forbidden", "You are not allowed to access this resource.") raise cherrypy.HTTPError("403 Forbidden", "You are not allowed to access this resource.")
else: else:
return return username
if cherrypy.session['connected'] and \ if cherrypy.session['connected'] and \
cherrypy.session['isadmin']: cherrypy.session['isadmin']:
return return username
else: else:
raise cherrypy.HTTPRedirect("/signin") raise cherrypy.HTTPRedirect("/signin")
@ -391,9 +395,14 @@ class LdapCherry(object):
cherrypy.session['connected'] = auth['connected'] cherrypy.session['connected'] = auth['connected']
if auth['connected']: if auth['connected']:
message = "login success for user '%(user)s'" % { if auth['isadmin']:
'user': login message = "login success for user '%(user)s' as administrator" % {
} 'user': login
}
else:
message = "login success for user '%(user)s' as normal user" % {
'user': login
}
cherrypy.log.error( cherrypy.log.error(
msg = message, msg = message,
severity = logging.INFO severity = logging.INFO
@ -434,7 +443,7 @@ class LdapCherry(object):
"""main page rendering """main page rendering
""" """
self._check_auth(must_admin=False) self._check_auth(must_admin=False)
pass return self.temp_index.render()
@cherrypy.expose @cherrypy.expose
def searchuser(self): def searchuser(self):
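Review bot: In the login hunk the session is marked authenticated in place (`cherrypy.session['connected'] = auth['connected']`) and no new session id is issued in the visible lines, so an id handed out before sign-in would presumably stay valid afterwards. Consider calling `cherrypy.session.regenerate()` inside the `if auth['connected']:` branch, before the role-specific log message is built. The login handler starts and ends outside this hunk, so the regeneration may already happen there; that should be confirmed against the full function. Separately, both new messages interpolate `login` unescaped, and formatting it with `%(user)r` instead of `'%(user)s'` would keep a name containing line breaks from splitting the log entry.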