require admin for /admin/* paths
parent
3fcb7d2a4f
commit
bdfefcb234
|
@ -255,7 +255,9 @@ def ldap_get_all_users_groupped(conn):
|
||||||
@app.route('/admin/')
|
@app.route('/admin/')
|
||||||
@login_required
|
@login_required
|
||||||
def admin_list():
|
def admin_list():
|
||||||
# TODO: check if user is admin
|
if not flask.session['is_admin']:
|
||||||
|
flask.abort(403)
|
||||||
|
|
||||||
conn = context.get_connection()
|
conn = context.get_connection()
|
||||||
user_groups = ldap_get_all_users_groupped(conn)
|
user_groups = ldap_get_all_users_groupped(conn)
|
||||||
|
|
||||||
|
@ -288,6 +290,9 @@ def ldap_validate_uid(uid):
|
||||||
@app.route('/admin/users/<uid>')
|
@app.route('/admin/users/<uid>')
|
||||||
@login_required
|
@login_required
|
||||||
def admin_user_view(uid):
|
def admin_user_view(uid):
|
||||||
|
if not flask.session['is_admin']:
|
||||||
|
flask.abort(403)
|
||||||
|
|
||||||
conn = context.get_connection()
|
conn = context.get_connection()
|
||||||
ldap_validate_uid(uid)
|
ldap_validate_uid(uid)
|
||||||
|
|
||||||
|
|
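Review bot: The admin check added to `admin_list` and `admin_user_view` indexes `flask.session['is_admin']` directly, so a session that lacks the key (for example one issued before the flag existed) raises KeyError and returns a 500 instead of the intended 403; `flask.session.get('is_admin')` fails closed with the right status. The same two lines are pasted into each view, so a later /admin/ route can easily ship without them; a single `admin_required` decorator stacked under `@login_required`, as sketched below, keeps the rule in one place (it uses `functools.wraps`, so `functools` has to be imported if it is not already). Where `is_admin` is written is not visible here; if it is set once at login, a user removed from the admin group in LDAP presumably keeps access until the session ends, which is worth confirming. Both view bodies continue outside the hunks.

```python
def admin_required(view):
    """Refuse the request with 403 unless the session is flagged as admin."""
    @functools.wraps(view)
    def wrapped(*args, **kwargs):
        # .get() so a session without the key is refused, not crashed with KeyError
        if not flask.session.get('is_admin'):
            flask.abort(403)
        return view(*args, **kwargs)
    return wrapped


@app.route('/admin/')
@login_required
@admin_required
def admin_list():
    # … unchanged: connection setup and LDAP group listing …
```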