auth: Fix capability cache for other users...

2017-04-21 17:46:06 +02:00 · 2017-04-21 17:46:06 +02:00 · 13e6269969
parent ca53984dbb
commit 13e6269969
2 changed files with 5 additions and 3 deletions
--- a/bitvend/auth.py
+++ b/bitvend/auth.py
@ -40,7 +40,9 @@ def cap_check(capability, user=None):
        return False

    user = user or current_user.get_id()
-    cached_cap = session.get('_caps', {}).get(capability, (False, 0))
+
+    cache_key = '{}-{}'.format(user, capability)
+    cached_cap = session.get('_caps', {}).get(cache_key, (False, 0))

    if cached_cap[1] > time.time():
        return cached_cap[0]
@ -52,7 +54,7 @@ def cap_check(capability, user=None):
    if '_caps' not in session:
        session['_caps'] = {}

-    session['_caps'][capability] = \
+    session['_caps'][cache_key] = \
        (allowed, time.time() + current_app.config.get('CAP_TTL', 3600))

    return allowed
--- a/bitvend/templates/base.html
+++ b/bitvend/templates/base.html
@ -40,7 +40,7 @@
        <div class="navbar navbar-default navbar-fixed-top">
            <div class="container">
                <div class="navbar-header">
-                    <a href="../" class="navbar-brand">bitvend</a>
+                    <a href="{{ url_for('bitvend.index') }}" class="navbar-brand">bitvend</a>
                    <button class="navbar-toggle" type="button" data-toggle="collapse" data-target="#navbar-main">
                        <span class="icon-bar"></span>
                        <span class="icon-bar"></span>