From bd27a38dc4b40cfcc2c26771b42a0cff50edaa0b Mon Sep 17 00:00:00 2001
From: nd <git@notandy.de>
Date: Mon, 13 Jul 2020 01:42:36 +0200
Subject: [PATCH] enforce access acls

---
 uffd/session/views.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/uffd/session/views.py b/uffd/session/views.py
index f7f0550f..8c4ffd28 100644
--- a/uffd/session/views.py
+++ b/uffd/session/views.py
@@ -31,6 +31,9 @@ def login():
 		flash('Login name or password is wrong')
 		return redirect(url_for('.login'))
 	user = User.from_ldap(conn.entries[0])
+	if not user.is_in_group(current_app.config['ACL_SELFSERVICE_GROUP']):
+		flash('You do not have access to this service')
+		return redirect(url_for('.login'))
 	session['user_uid'] = user.uid
 	session['logintime'] = datetime.datetime.now().timestamp()
 	return redirect(request.values.get('ref', url_for('index')))
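Review bot: The added `if not user.is_in_group(current_app.config['ACL_SELFSERVICE_GROUP'])` test runs only inside login(), so it gates creating a session but not using one. A session created before this commit, or one belonging to a user later removed from the group, still carries `session['user_uid']` and is presumably accepted by the other views unless membership is re-checked somewhere outside this hunk. If enforcement is meant to be continuous, the same test belongs in whatever code validates the session on each request; otherwise state the limit next to the check, e.g. `# ACL is checked at login only; removing a user from the group does not end existing sessions`. Separately, the unchanged last line redirects to the request-supplied `ref` value without checking that it is a local path, so it is worth restricting to same-site targets. login() starts above the hunk, so the handling of the LDAP bind result is not visible here.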
-- 
GitLab