vidjil
vidjil
Commits
fe822216
Commit
fe822216
authored
Apr 18, 2016
by
HERBERT Ryan
controllers/config.py Restrict config route access
Added permission checks to config route
parent
d355fe26
Changes
1
server/web2py/applications/vidjil/controllers/config.py
# coding: utf8
import
gluon.contrib.simplejson
from
controller_utils
import
error_message
if
request
.
env
.
http_origin
:
response
.
headers
[
'Access-Control-Allow-Origin'
]
=
request
.
env
.
http_origin
response
.
headers
[
'Access-Control-Allow-Credentials'
]
=
'true'
...
...
@@ -36,13 +37,25 @@ def add_form():
if
error
==
""
:
db
.
config
.
insert
(
name
=
request
.
vars
[
'config_name'
],
config_id
=
db
.
config
.
insert
(
name
=
request
.
vars
[
'config_name'
],
info
=
request
.
vars
[
'config_info'
],
command
=
request
.
vars
[
'config_command'
],
fuse_command
=
request
.
vars
[
'config_fuse_command'
],
program
=
request
.
vars
[
'config_program'
]
)
user_group
=
None
group_ids
=
list
(
auth
.
user_groups
.
keys
())
for
gid
in
group_ids
:
if
(
auth
.
user_groups
[
gid
]
!=
'public'
):
user_group
=
gid
break
db
.
auth_permission
.
insert
(
group_id
=
user_group
,
name
=
'create'
,
table_name
=
'config'
,
record_id
=
config_id
)
res
=
{
"redirect"
:
"config/index"
,
"message"
:
"config '%s' added"
%
request
.
vars
[
'config_name'
]}
log
.
admin
(
res
)
...
...
@@ -54,13 +67,18 @@ def add_form():
return
gluon
.
contrib
.
simplejson
.
dumps
(
res
,
separators
=
(
','
,
':'
))
def
edit
():
return
dict
(
message
=
T
(
'edit config'
))
def
edit
():
if
(
auth
.
can_modify_config
(
request
.
vars
[
'config_id'
])):
return
dict
(
message
=
T
(
'edit config'
))
return
error_message
(
ACCESS_DENIED
)
def
edit_form
():
error
=
""
if
(
auth
.
can_modify_config
(
request
.
vars
[
'config_id'
])):
error
+=
"ACCESS_DENIED"
required_fields
=
[
'id'
,
'config_name'
,
'config_command'
,
'config_fuse_command'
,
'config_program'
]
for
field
in
required_fields
:
if
request
.
vars
[
field
]
==
""
:
...
...
@@ -87,19 +105,23 @@ def edit_form():
return
gluon
.
contrib
.
simplejson
.
dumps
(
res
,
separators
=
(
','
,
':'
))
def
confirm
():
return
dict
(
message
=
T
(
'confirm config deletion'
))
if
(
auth
.
can_modify_config
(
request
.
vars
[
'id'
])):
return
dict
(
message
=
T
(
'confirm config deletion'
))
return
error_message
(
ACCESS_DENIED
)
def
delete
():
#delete results_file using this config
db
(
db
.
results_file
.
config_id
==
request
.
vars
[
"id"
]).
delete
()
#delete config
db
(
db
.
config
.
id
==
request
.
vars
[
"id"
]).
delete
()
res
=
{
"redirect"
:
"config/index"
,
"message"
:
"config '%s' deleted"
%
request
.
vars
[
"id"
]}
log
.
admin
(
res
)
return
gluon
.
contrib
.
simplejson
.
dumps
(
res
,
separators
=
(
','
,
':'
))
if
(
auth
.
can_modify_config
(
request
.
vars
[
'id'
])):
#delete results_file using this config
db
(
db
.
results_file
.
config_id
==
request
.
vars
[
"id"
]).
delete
()
#delete config
db
(
db
.
config
.
id
==
request
.
vars
[
"id"
]).
delete
()
res
=
{
"redirect"
:
"config/index"
,
"message"
:
"config '%s' deleted"
%
request
.
vars
[
"id"
]}
log
.
admin
(
res
)
return
gluon
.
contrib
.
simplejson
.
dumps
(
res
,
separators
=
(
','
,
':'
))
return
error_message
(
ACCESS_DENIED
)
def
permission
():
...
...
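Review bot: The new guard in `edit_form` appears inverted: `if (auth.can_modify_config(request.vars['config_id'])): error += "ACCESS_DENIED"` records the denial for users who are allowed to modify the config and adds nothing for everyone else, so it should read `if not auth.can_modify_config(request.vars['config_id']):`. The same check reads `request.vars['config_id']` while `required_fields` in that function lists `'id'`, so the permission lookup may be receiving `None`; confirm which key the edit form actually posts. In `add_form`, `user_group` stays `None` when every entry in `auth.user_groups` is `'public'`, and the `auth_permission` row is then inserted with `group_id=None`; that case should be rejected before the insert. The rest of `edit_form` lies outside the visible hunks, so how a non-empty `error` blocks the update needs to be checked there.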