From: Simo Sorce Date: Fri, 3 Oct 2014 17:24:37 +0000 (-0400) Subject: Redirect anonymous users away X-Git-Tag: v0.3.0~69 X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=commitdiff_plain;h=73eeae98716c0e25f31cdb2c347c1939525d6ef7 Redirect anonymous users away It makes no sense to let anonymous users interact with the admin pages so tighten up access and redirect away users that have no rights. Signed-off-by: Simo Sorce Reviewed-by: Patrick Uiterwijk --- diff --git a/ipsilon/admin/common.py b/ipsilon/admin/common.py index 85bd5fd..b8572e3 100755 --- a/ipsilon/admin/common.py +++ b/ipsilon/admin/common.py @@ -19,7 +19,7 @@ import cherrypy from ipsilon.util.page import Page -from ipsilon.util.page import admin_protect +from ipsilon.util.page import admin_protect, auth_protect class AdminPluginPage(Page): @@ -110,6 +110,7 @@ class Admin(Page): self.url = '%s/%s' % (self.basepath, mount) self.menu = [] + @auth_protect def root(self, *args, **kwargs): return self._template('admin/index.html', title='Configuration', diff --git a/ipsilon/admin/info.py b/ipsilon/admin/info.py index 4154339..8e910c7 100755 --- a/ipsilon/admin/info.py +++ b/ipsilon/admin/info.py @@ -4,7 +4,7 @@ import cherrypy from ipsilon.util.page import Page -from ipsilon.util.page import admin_protect +from ipsilon.util.page import admin_protect, auth_protect from ipsilon.util.plugin import PluginObject from ipsilon.admin.common import AdminPluginPage from ipsilon.info.common import FACILITY @@ -112,9 +112,11 @@ class InfoPlugins(Page): enabled=ordered, menu=self._master.menu) + @auth_protect def root(self, *args, **kwargs): return self.root_with_msg() + @admin_protect def enable(self, plugin): msg = None plugins = self._site[FACILITY] @@ -128,6 +130,7 @@ class InfoPlugins(Page): return self.root_with_msg(msg, "success") enable.exposed = True + @admin_protect def disable(self, plugin): msg = None plugins = self._site[FACILITY] diff --git a/ipsilon/admin/login.py b/ipsilon/admin/login.py index bb79f90..16489f1 100755 --- a/ipsilon/admin/login.py +++ b/ipsilon/admin/login.py @@ -19,7 +19,7 @@ import cherrypy from ipsilon.util.page import Page -from ipsilon.util.page import admin_protect +from ipsilon.util.page import admin_protect, auth_protect from ipsilon.util.plugin import PluginObject from ipsilon.admin.common import AdminPluginPage from ipsilon.login.common import FACILITY @@ -144,9 +144,11 @@ class LoginPlugins(Page): enabled=ordered, menu=self._master.menu) + @auth_protect def root(self, *args, **kwargs): return self.root_with_msg() + @admin_protect def enable(self, plugin): msg = None plugins = self._site[FACILITY] @@ -161,6 +163,7 @@ class LoginPlugins(Page): return self.root_with_msg(msg, "success") enable.exposed = True + @admin_protect def disable(self, plugin): msg = None plugins = self._site[FACILITY] diff --git a/ipsilon/admin/providers.py b/ipsilon/admin/providers.py index ba5e1e7..8219880 100755 --- a/ipsilon/admin/providers.py +++ b/ipsilon/admin/providers.py @@ -20,6 +20,7 @@ import cherrypy from ipsilon.util.page import Page +from ipsilon.util.page import admin_protect, auth_protect from ipsilon.providers.common import FACILITY from ipsilon.admin.common import AdminPluginPage @@ -56,9 +57,11 @@ class ProviderPlugins(Page): enabled=enabled_plugins, menu=self._master.menu) + @auth_protect def root(self, *args, **kwargs): return self.root_with_msg() + @admin_protect def enable(self, plugin): msg = None plugins = self._site[FACILITY] @@ -72,6 +75,7 @@ class ProviderPlugins(Page): return self.root_with_msg(msg, "success") enable.exposed = True + @admin_protect def disable(self, plugin): msg = None plugins = self._site[FACILITY] diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py index 10f10aa..aa075de 100755 --- a/ipsilon/util/page.py +++ b/ipsilon/util/page.py @@ -34,6 +34,16 @@ def admin_protect(fn): return check +def auth_protect(fn): + def check(self, *args, **kwargs): + if UserSession().get_user().is_anonymous: + raise cherrypy.HTTPRedirect(self.basepath) + else: + return fn(self, *args, **kwargs) + + return check + + class Page(Log): def __init__(self, site, form=False): if 'template_env' not in site: