From 3ee20cbb3a4d11701c61edff4ef26e3dbdc760a7 Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Sun, 12 Jul 2020 23:52:09 +0200
Subject: [PATCH] hide not accessable items from navbar
---
uffd/group/views.py | 4 ++--
uffd/navbar.py | 3 ++-
uffd/selfservice/views.py | 4 ++--
uffd/session/__init__.py | 2 +-
uffd/session/views.py | 7 ++++---
uffd/templates/base.html | 12 +++++++++++-
uffd/user/views.py | 4 ++--
7 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/uffd/group/views.py b/uffd/group/views.py
index 07f4ee00..cc4583ec 100644
--- a/uffd/group/views.py
+++ b/uffd/group/views.py
@@ -2,7 +2,7 @@ from flask import Blueprint, current_app, render_template
from uffd.navbar import register_navbar
from uffd.ldap import get_conn, escape_filter_chars
-from uffd.session import login_required
+from uffd.session import login_required, is_valid_session
from .models import Group
@@ -14,7 +14,7 @@ def group_acl():
pass
@bp.route("/")
-@register_navbar('Groups', icon='layer-group', blueprint=bp)
+@register_navbar('Groups', icon='layer-group', blueprint=bp, visible=is_valid_session)
def group_list():
conn = get_conn()
conn.search(current_app.config["LDAP_BASE_GROUPS"], '(objectclass=groupOfUniqueNames)')
diff --git a/uffd/navbar.py b/uffd/navbar.py
index d3ff77d4..462626a2 100644
--- a/uffd/navbar.py
+++ b/uffd/navbar.py
@@ -9,7 +9,7 @@ def setup_navbar(app):
# ( see: http://getbootstrap.com/components/#glyphicons )
# or 'fa'
# ( see: http://fontawesome.io/icons/ )
-def register_navbar(name, iconlib='fa', icon=None, group=None, endpoint=None, blueprint=None):
+def register_navbar(name, iconlib='fa', icon=None, group=None, endpoint=None, blueprint=None, visible=None):
def wrapper(func):
urlendpoint = endpoint
if not endpoint:
@@ -26,6 +26,7 @@ def register_navbar(name, iconlib='fa', icon=None, group=None, endpoint=None, bl
item['endpoint'] = urlendpoint
item['name'] = name
item['blueprint'] = blueprint
+ item['visible'] = visible
navbarList.append(item)
return func
return wrapper
diff --git a/uffd/selfservice/views.py b/uffd/selfservice/views.py
index a6204a56..fe8e5035 100644
--- a/uffd/selfservice/views.py
+++ b/uffd/selfservice/views.py
@@ -5,7 +5,7 @@ from uffd.csrf import csrf_protect
from uffd.user.models import User
from uffd.group.models import Group
-from uffd.session import get_current_user, login_required
+from uffd.session import get_current_user, login_required, is_valid_session
from uffd.ldap import get_conn, escape_filter_chars
bp = Blueprint("selfservice", __name__, template_folder='templates', url_prefix='/self/')
@@ -16,7 +16,7 @@ def self_acl():
pass
@bp.route("/")
-@register_navbar('Selfservice', icon='portrait', blueprint=bp)
+@register_navbar('Selfservice', icon='portrait', blueprint=bp, visible=is_valid_session)
def self_index():
return render_template('self.html', user=get_current_user())
diff --git a/uffd/session/__init__.py b/uffd/session/__init__.py
index 2009dfac..a7391f91 100644
--- a/uffd/session/__init__.py
+++ b/uffd/session/__init__.py
@@ -1,3 +1,3 @@
-from .views import bp as bp_ui, get_current_user, login_required, is_user_in_group
+from .views import bp as bp_ui, get_current_user, login_required, is_user_in_group, is_valid_session
bp = [bp_ui]
diff --git a/uffd/session/views.py b/uffd/session/views.py
index d1364e40..d65dc3fa 100644
--- a/uffd/session/views.py
+++ b/uffd/session/views.py
@@ -10,7 +10,6 @@ from uffd.ldap import get_conn, user_conn, uid_to_dn
bp = Blueprint("session", __name__, template_folder='templates', url_prefix='/')
-@register_navbar('Logout', icon='sign-out-alt', blueprint=bp)
@bp.route("/logout")
def logout():
session.clear()
@@ -34,7 +33,7 @@ def login():
user = User.from_ldap(conn.entries[0])
session['user_uid'] = user.uid
session['logintime'] = datetime.datetime.now().timestamp()
- return redirect(url_for('index'))
+ return redirect(request.values.get('ref', url_for('index')))
def get_current_user():
if not session.get('user_uid'):
@@ -49,16 +48,18 @@ def is_valid_session():
flash('Session timed out')
return False
return True
+bp.add_app_template_global(is_valid_session)
def is_user_in_group(user, group):
return True
+bp.add_app_template_global(is_user_in_group)
def login_required(view, group=None):
@functools.wraps(view)
def wrapped_view(**kwargs):
if not is_valid_session():
flash('You need to login first')
- return redirect(url_for('session.login'))
+ return redirect(url_for('session.login', ref=request.url))
if not is_user_in_group(get_current_user, group):
flash('Access denied')
return redirect(url_for('index'))
diff --git a/uffd/templates/base.html b/uffd/templates/base.html
index 8e3db300..bc28ec2f 100644
--- a/uffd/templates/base.html
+++ b/uffd/templates/base.html
@@ -42,7 +42,7 @@
<div class="collapse navbar-collapse" id="baseNavbar">
<ul class="navbar-nav mr-auto">
- {% for n in navbar if (not n.group) %}
+ {% for n in navbar if (not n.group) and (not n.visible or n.visible()) %}
{{ navbaricon(n) }}
{% endfor %}
@@ -66,6 +66,16 @@
</li>
{% endfor %}
</ul>
+ {% if is_valid_session() %}
+ <ul class="navbar-nav ml-auto">
+ <li class="nav-item">
+ <a class="nav-link" href="{{ url_for("session.logout") }}">
+ <span aria-hidden="true" class="fa fa-sign-out-alt"></span>
+ Logout
+ </a>
+ </li>
+ </ul>
+ {% endif %}
</div>
diff --git a/uffd/user/views.py b/uffd/user/views.py
index ca0a7823..ed38feaa 100644
--- a/uffd/user/views.py
+++ b/uffd/user/views.py
@@ -3,7 +3,7 @@ from flask import Blueprint, render_template, request, url_for, redirect, flash,
from uffd.navbar import register_navbar
from uffd.csrf import csrf_protect
from uffd.ldap import get_conn, escape_filter_chars
-from uffd.session import login_required
+from uffd.session import login_required, is_valid_session
from .models import User
@@ -15,7 +15,7 @@ def user_acl():
pass
@bp.route("/")
-@register_navbar('Users', icon='users', blueprint=bp)
+@register_navbar('Users', icon='users', blueprint=bp, visible=is_valid_session)
def user_list():
conn = get_conn()
conn.search(current_app.config["LDAP_BASE_USER"], '(objectclass=person)')
--
GitLab