Verified Commit e1b6cc1f authored by nd's avatar nd

add admin group checking for user editing

parent 3ee20cbb
...@@ -9,7 +9,7 @@ from .models import Group ...@@ -9,7 +9,7 @@ from .models import Group
bp = Blueprint("group", __name__, template_folder='templates', url_prefix='/group/') bp = Blueprint("group", __name__, template_folder='templates', url_prefix='/group/')
@bp.before_request @bp.before_request
@login_required @login_required()
def group_acl(): def group_acl():
pass pass
......
...@@ -11,7 +11,7 @@ from uffd.ldap import get_conn, escape_filter_chars ...@@ -11,7 +11,7 @@ from uffd.ldap import get_conn, escape_filter_chars
bp = Blueprint("selfservice", __name__, template_folder='templates', url_prefix='/self/') bp = Blueprint("selfservice", __name__, template_folder='templates', url_prefix='/self/')
@bp.before_request @bp.before_request
@login_required @login_required()
def self_acl(): def self_acl():
pass pass
......
from .views import bp as bp_ui, get_current_user, login_required, is_user_in_group, is_valid_session from .views import bp as bp_ui, get_current_user, login_required, is_valid_session
bp = [bp_ui] bp = [bp_ui]
...@@ -50,18 +50,16 @@ def is_valid_session(): ...@@ -50,18 +50,16 @@ def is_valid_session():
return True return True
bp.add_app_template_global(is_valid_session) bp.add_app_template_global(is_valid_session)
def is_user_in_group(user, group): def login_required(group=None):
return True def wrapper(func):
bp.add_app_template_global(is_user_in_group) @functools.wraps(func)
def decorator(*args, **kwargs):
def login_required(view, group=None):
@functools.wraps(view)
def wrapped_view(**kwargs):
if not is_valid_session(): if not is_valid_session():
flash('You need to login first') flash('You need to login first')
return redirect(url_for('session.login', ref=request.url)) return redirect(url_for('session.login', ref=request.url))
if not is_user_in_group(get_current_user, group): if not get_current_user().is_in_group(group):
flash('Access denied') flash('Access denied')
return redirect(url_for('index')) return redirect(url_for('index'))
return view(**kwargs) return func(*args, **kwargs)
return wrapped_view return decorator
return wrapper
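Review bot: `login_required` is now a decorator factory, but nothing rejects the old bare `@login_required` form, which would pass the view function as `group` and leave `wrapper` registered instead of the view. That mistake surfaces only as a TypeError when a request reaches it, so a guard at the top of `login_required` such as `if callable(group): raise TypeError('use @login_required()')` would make it fail at import time. The three blueprints in this commit are updated, so this only protects call sites outside the diff and future ones. Separately, the access-denied branch answers with a redirect to `index`, which clients and logs see as an ordinary 302; returning a 403 there would make refused requests easier to spot, unless the redirect is deliberate.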
...@@ -82,6 +82,15 @@ class User(): ...@@ -82,6 +82,15 @@ class User():
self._groups = groups self._groups = groups
return groups return groups
def is_in_group(self, name):
if not name:
return True
groups = self.get_groups()
for i in groups:
if i.name == name:
return True
return False
def set_loginname(self, value): def set_loginname(self, value):
if len(value) > 32 or len(value) < 1: if len(value) > 32 or len(value) < 1:
return False return False
......
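Review bot: `is_in_group` returns True for any falsy `name`, so an empty string is treated the same as "no group required" and the check passes for every user. Testing `if name is None:` keeps the default of `login_required()` working while making other falsy values fail closed. The loop can then be written as `return any(g.name == name for g in self.get_groups())`. A one-line docstring saying that `None` means any logged-in user is accepted would help, since the new `login_required` depends on that behaviour. The context lines of `set_loginname` continue outside the hunk and are not reviewed here.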
...@@ -10,7 +10,7 @@ from .models import User ...@@ -10,7 +10,7 @@ from .models import User
bp = Blueprint("user", __name__, template_folder='templates', url_prefix='/user/') bp = Blueprint("user", __name__, template_folder='templates', url_prefix='/user/')
@bp.before_request @bp.before_request
@login_required @login_required(group='admins')
def user_acl(): def user_acl():
pass pass
......
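Review bot: The admin gate for the whole `user` blueprint rests on the string literal `'admins'` in the decorator, which `is_in_group` compares against each group's `name`. A module-level constant (for example `ADMIN_GROUP = 'admins'`, a name constructed for this note) would keep any later admin-only check elsewhere from drifting to a different spelling. A comment above `user_acl` such as `# every route in this blueprint requires membership in the admin group` would also help, because the empty handler body does not show that the decorator is the access control. Matching on the group name assumes ordinary users cannot create or rename a group to that name in the directory; the diff does not show whether that holds, so it is worth confirming.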