Fixed access to admin-only resources in case of disabled access control
parent
552048efbe
commit
d7d8bba2e9
|
@ -574,7 +574,7 @@ def performSystemAction():
|
|||
|
||||
@app.route(BASEURL + "login", methods=["POST"])
|
||||
def login():
|
||||
if "user" in request.values.keys() and "pass" in request.values.keys():
|
||||
if userManager is not None and "user" in request.values.keys() and "pass" in request.values.keys():
|
||||
username = request.values["user"]
|
||||
password = request.values["pass"]
|
||||
|
||||
|
@ -594,8 +594,7 @@ def login():
|
|||
user = current_user
|
||||
if user is not None and not user.is_anonymous():
|
||||
return jsonify(user.asDict())
|
||||
else:
|
||||
return jsonify(SUCCESS)
|
||||
return jsonify(SUCCESS)
|
||||
|
||||
@app.route(BASEURL + "logout", methods=["POST"])
|
||||
@login_required
|
||||
|
@ -613,11 +612,7 @@ def logout():
|
|||
def on_identity_loaded(sender, identity):
|
||||
user = load_user(identity.name)
|
||||
if user is None:
|
||||
if userManager is None:
|
||||
# access control is disabled, we'll create permissions for the DummyUser
|
||||
user = users.DummyUser()
|
||||
else:
|
||||
return
|
||||
return
|
||||
|
||||
identity.provides.add(UserNeed(user.get_name()))
|
||||
if user.is_user():
|
||||
|
@ -628,7 +623,7 @@ def on_identity_loaded(sender, identity):
|
|||
def load_user(id):
|
||||
if userManager is not None:
|
||||
return userManager.findUser(id)
|
||||
return None
|
||||
return users.DummyUser()
|
||||
|
||||
#~~ startup code
|
||||
class Server():
|
||||
|
@ -674,6 +669,7 @@ class Server():
|
|||
login_manager.user_callback = load_user
|
||||
if userManager is None:
|
||||
login_manager.anonymous_user = users.DummyUser
|
||||
principals.identity_loaders.appendleft(users.dummy_identity_loader)
|
||||
login_manager.init_app(app)
|
||||
|
||||
if self._host is None:
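Review bot: The `if userManager is None:` startup branch makes every request, authenticated or not, run as the dummy user (`login_manager.anonymous_user = users.DummyUser` plus the prepended `users.dummy_identity_loader`), and `load_user` returns `users.DummyUser()` for any id in the same state, so the whole authorization decision rests on `userManager` being None only when the operator disabled access control. How `userManager` is assigned is not visible in these hunks; if a failed initialisation can also leave it None, the server would fail open rather than refuse requests. I would document that on the branch, e.g. `# access control disabled on purpose: all requests are handled as DummyUser`, and emit a startup warning there so the state shows up in the logs. The bodies of `login`, `on_identity_loaded` and the `Server` method continue outside the hunks.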
|
||||
|
|
|
@ -3,6 +3,7 @@ __author__ = "Gina Häußge <osd@foosel.net>"
|
|||
__license__ = 'GNU Affero General Public License http://www.gnu.org/licenses/agpl.html'
|
||||
|
||||
from flask.ext.login import UserMixin
|
||||
from flask.ext.principal import Identity
|
||||
import hashlib
|
||||
import os
|
||||
import yaml
|
||||
|
@ -225,3 +226,10 @@ class DummyUser(User):
|
|||
|
||||
def check_password(self, passwordHash):
|
||||
return True
|
||||
|
||||
class DummyIdentity(Identity):
|
||||
def __init__(self):
|
||||
Identity.__init__(self, "dummy")
|
||||
|
||||
def dummy_identity_loader():
|
||||
return DummyIdentity()
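Review bot: `DummyIdentity` and `dummy_identity_loader` have no docstrings, and nothing at their definition says they are only safe to register while access control is disabled. The loader returns an identity unconditionally, so if it were registered at the front of the loader list while a real user manager is present, it would presumably pre-empt the session-based identity for every request. I would add `"""Identity given to every request while access control is disabled."""` to the class and `"""Return a DummyIdentity unconditionally; register only when userManager is None."""` to the loader. `DummyUser`'s body starts outside the hunk.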
|