mirror of
https://github.com/spl0k/supysonic.git
synced 2024-12-22 08:56:17 +00:00
Securing user and folder areas
parent
db2694352e
commit
e40bc11f30
11
folder.py
11
folder.py
@ -1,12 +1,21 @@
|
||||
# coding: utf-8
|
||||
|
||||
from flask import request, flash, render_template, redirect, url_for
|
||||
from flask import request, flash, render_template, redirect, url_for, session as fl_sess
|
||||
import os.path
|
||||
import uuid
|
||||
|
||||
from web import app
|
||||
from db import session, Folder, Artist
|
||||
from scanner import Scanner
|
||||
from user_manager import UserManager
|
||||
|
||||
@app.before_request
|
||||
def check_admin():
|
||||
if not request.path.startswith('/folder'):
|
||||
return
|
||||
|
||||
if not UserManager.get(fl_sess.get('userid'))[1].admin:
|
||||
return redirect(url_for('index'))
|
||||
|
||||
@app.route('/folder')
|
||||
def folder_index():
|
||||
|
11
user.py
11
user.py
@ -6,6 +6,17 @@ from web import app
|
||||
from user_manager import UserManager
|
||||
from db import User
|
||||
|
||||
@app.before_request
|
||||
def check_admin():
|
||||
if not request.path.startswith('/user') or request.endpoint in ('login', 'logout'):
|
||||
return
|
||||
|
||||
if request.endpoint == 'add_user' and User.query.filter(User.admin == True).count() == 0:
|
||||
return
|
||||
|
||||
if request.endpoint in ('user_index', 'add_user', 'del_user') and not UserManager.get(session.get('userid'))[1].admin:
|
||||
return redirect(url_for('index'))
|
||||
|
||||
@app.route('/user')
|
||||
def user_index():
|
||||
return render_template('users.html', users = User.query.all())
|
||||
|
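Review bot: The admin test in `check_admin` only applies to the endpoints named in `('user_index', 'add_user', 'del_user')`, so it fails open: any other view later added under /user is reachable by non-admins unless someone remembers to extend the tuple. Inverting the list makes the guard deny by default, i.e. name the /user endpoints that ordinary users may reach and require admin for everything else. The `add_user` exemption while `User.query.filter(User.admin == True).count() == 0` also leaves that endpoint open to any client until the first admin exists. A comment such as `# bootstrap only: add_user needs no admin until the first admin account exists` would make that window visible to whoever deploys this.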