require admin for /admin/* paths
parent
3fcb7d2a4f
commit
bdfefcb234
|
@ -255,7 +255,9 @@ def ldap_get_all_users_groupped(conn):
|
|||
@app.route('/admin/')
|
||||
@login_required
|
||||
def admin_list():
|
||||
# TODO: check if user is admin
|
||||
if not flask.session['is_admin']:
|
||||
flask.abort(403)
|
||||
|
||||
conn = context.get_connection()
|
||||
user_groups = ldap_get_all_users_groupped(conn)
|
||||
|
||||
|
@ -288,6 +290,9 @@ def ldap_validate_uid(uid):
|
|||
@app.route('/admin/users/<uid>')
|
||||
@login_required
|
||||
def admin_user_view(uid):
|
||||
if not flask.session['is_admin']:
|
||||
flask.abort(403)
|
||||
|
||||
conn = context.get_connection()
|
||||
ldap_validate_uid(uid)
|
||||
|
||||
|
|
Loading…
Reference in New Issue