bitvend: move admin access to vending-admin group
parent
a9012778fc
commit
ef71d8732a
|
@ -1,13 +1,52 @@
|
|||
from flask import Blueprint, render_template, redirect, request, flash, url_for
|
||||
import time
|
||||
|
||||
from six import wraps
|
||||
from flask import (
|
||||
Blueprint,
|
||||
render_template,
|
||||
redirect,
|
||||
request,
|
||||
flash,
|
||||
url_for,
|
||||
session,
|
||||
abort,
|
||||
)
|
||||
from flask_login import current_user, fresh_login_required
|
||||
|
||||
from bitvend import dev
|
||||
from bitvend import dev, spaceauth
|
||||
from bitvend.models import db, Transaction
|
||||
from bitvend.forms import ManualForm
|
||||
from spaceauth import cap_required
|
||||
|
||||
|
||||
admin_required = cap_required("staff")
|
||||
def get_user_groups():
|
||||
groups = session.get("groups", [])
|
||||
groups_uid = session.get("groups_uid", "")
|
||||
groups_ts = session.get("groups_ts", 0)
|
||||
|
||||
if not groups or groups_uid != current_user.uid or time.time() - groups_ts >= 60.0:
|
||||
groups = spaceauth.remote.get("/api/1/userinfo").data.get("groups")
|
||||
|
||||
session["groups"] = groups
|
||||
session["groups_ts"] = time.time()
|
||||
session["groups_uid"] = current_user.uid
|
||||
|
||||
return session["groups"]
|
||||
|
||||
|
||||
# Checks if user is a member of vending-admin group
|
||||
def admin_required(fn):
|
||||
@wraps(fn)
|
||||
def wrapped(*args, **kwargs):
|
||||
groups = get_user_groups()
|
||||
if "vending-admin" not in groups:
|
||||
abort(403)
|
||||
|
||||
return fn(*args, **kwargs)
|
||||
|
||||
return wrapped
|
||||
|
||||
|
||||
bp = Blueprint("admin", __name__)
|
||||
|
||||
|
||||
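Review bot: In `get_user_groups`, the refresh path stores whatever `spaceauth.remote.get("/api/1/userinfo").data.get("groups")` returns, so a userinfo response without a `groups` key (presumably also an error payload) puts `None` in the session, and `"vending-admin" not in groups` in `admin_required` then raises TypeError, giving a 500 instead of the intended 403. Normalising at the fetch, `groups = spaceauth.remote.get("/api/1/userinfo").data.get("groups") or []`, keeps the check fail-closed and explicit; checking the response status before trusting `.data` would be stricter still. The function also reads `current_user.uid`, so `admin_required` appears to depend on a login decorator running first on every route it guards, which is worth stating in the comment above it, e.g. `# Apply beneath login_required/fresh_login_required: reads current_user.uid, aborts 403 unless the user is in vending-admin`. If the app uses Flask's default cookie session, the cached group list is only as trustworthy as the signing key, and a membership removal can take up to 60 seconds to apply.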
|
|
|
@ -32,7 +32,7 @@ def index():
|
|||
transfer_form=TransferForm(),
|
||||
hallofshame=hall_of_shame(),
|
||||
hallofaddicts=hall_of_addicts(),
|
||||
hallofaddicts_30d=hall_of_addicts(window=24*30),
|
||||
hallofaddicts_30d=hall_of_addicts(window=24 * 30),
|
||||
bottles_purchased=bottles_purchased(),
|
||||
)
|
||||
|
||||
|
@ -65,13 +65,6 @@ def transfer():
|
|||
return redirect(url_for(".index"))
|
||||
|
||||
|
||||
@bp.route("/log")
|
||||
@login_required
|
||||
@cap_required("staff")
|
||||
def log():
|
||||
return render_template("log.html", transactions=Transaction.query.all())
|
||||
|
||||
|
||||
@bp.route("/begin")
|
||||
@login_required
|
||||
def begin():
|
||||
|
|