Forked from
uffd / uffd
-
Julian authoredFixes #104. Replaced "group" keyword argument for login_required with "permission_check". Most views already define a *_acl_check function that returns whether the current user has the required permissions for use with register_navbar. The same function can now be passed to login_required as the "permission_check" argument. Differenciated login and selfservice access permissions. Previously ACL_SELFSERVICE_GROUP was required to login. Now ACL_ACCESS_GROUP is required to login and ACL_SELFSERVICE_GROUP is required to access selfservice functions (and to use role-granting invite links). A user with just ACL_ACCESS_GROUP can now login, access the services overview page and authenticate with OAuth2 services he has access to, but not change his user attributes, password or roles/permissions.
Julian authoredFixes #104. Replaced "group" keyword argument for login_required with "permission_check". Most views already define a *_acl_check function that returns whether the current user has the required permissions for use with register_navbar. The same function can now be passed to login_required as the "permission_check" argument. Differenciated login and selfservice access permissions. Previously ACL_SELFSERVICE_GROUP was required to login. Now ACL_ACCESS_GROUP is required to login and ACL_SELFSERVICE_GROUP is required to access selfservice functions (and to use role-granting invite links). A user with just ACL_ACCESS_GROUP can now login, access the services overview page and authenticate with OAuth2 services he has access to, but not change his user attributes, password or roles/permissions.