add admin group checking for user editing

e1b6cc1f · nd · 3ee20cbb · e1b6cc1f · e1b6cc1f · e1b6cc1f
Verified Commit e1b6cc1f authored 4 years ago by nd
--- a/uffd/group/views.py
+++ b/uffd/group/views.py
@@ -9,7 +9,7 @@ from .models import Group
 bp = Blueprint("group", __name__, template_folder='templates', url_prefix='/group/')

 @bp.before_request
-@login_required
+@login_required()
 def group_acl():
 	pass


--- a/uffd/selfservice/views.py
+++ b/uffd/selfservice/views.py
@@ -11,7 +11,7 @@ from uffd.ldap import get_conn, escape_filter_chars
 bp = Blueprint("selfservice", __name__, template_folder='templates', url_prefix='/self/')

 @bp.before_request
-@login_required
+@login_required()
 def self_acl():
 	pass


--- a/uffd/session/__init__.py
+++ b/uffd/session/__init__.py
-from .views import bp as bp_ui, get_current_user, login_required, is_user_in_group, is_valid_session
+from .views import bp as bp_ui, get_current_user, login_required, is_valid_session

 bp = [bp_ui]
--- a/uffd/session/views.py
+++ b/uffd/session/views.py
@@ -50,18 +50,16 @@ def is_valid_session():
 	return True
 bp.add_app_template_global(is_valid_session)

-def is_user_in_group(user, group):
-	return True
-bp.add_app_template_global(is_user_in_group)
-
-def login_required(view, group=None):
-	@functools.wraps(view)
-	def wrapped_view(**kwargs):
-		if not is_valid_session():
-			flash('You need to login first')
-			return redirect(url_for('session.login', ref=request.url))
-		if not is_user_in_group(get_current_user, group):
-			flash('Access denied')
-			return redirect(url_for('index'))
-		return view(**kwargs)
-	return wrapped_view
+def login_required(group=None):
+	def wrapper(func):
+		@functools.wraps(func)
+		def decorator(*args, **kwargs):
+			if not is_valid_session():
+				flash('You need to login first')
+				return redirect(url_for('session.login', ref=request.url))
+			if not get_current_user().is_in_group(group):
+				flash('Access denied')
+				return redirect(url_for('index'))
+			return func(*args, **kwargs)
+		return decorator
+	return wrapper
--- a/uffd/user/models.py
+++ b/uffd/user/models.py
@@ -82,6 +82,15 @@ class User():
 		self._groups = groups
 		return groups

+	def is_in_group(self, name):
+		if not name:
+			return True
+		groups = self.get_groups()
+		for i in groups:
+			if i.name == name:
+				return True
+		return False
+
 	def set_loginname(self, value):
 		if len(value) > 32 or len(value) < 1:
 			return False

--- a/uffd/user/views.py
+++ b/uffd/user/views.py
@@ -10,7 +10,7 @@ from .models import User
 bp = Blueprint("user", __name__, template_folder='templates', url_prefix='/user/')

 @bp.before_request
-@login_required
+@login_required(group='admins')
 def user_acl():
 	pass