1
0
mirror of https://github.com/spl0k/supysonic.git synced 2024-12-22 08:56:17 +00:00

Securing user and folder areas

This commit is contained in:
Alban 2012-12-09 21:30:37 +01:00
parent db2694352e
commit e40bc11f30
2 changed files with 21 additions and 1 deletions

View File

@ -1,12 +1,21 @@
# coding: utf-8
from flask import request, flash, render_template, redirect, url_for
from flask import request, flash, render_template, redirect, url_for, session as fl_sess
import os.path
import uuid
from web import app
from db import session, Folder, Artist
from scanner import Scanner
from user_manager import UserManager
@app.before_request
def check_admin():
if not request.path.startswith('/folder'):
return
if not UserManager.get(fl_sess.get('userid'))[1].admin:
return redirect(url_for('index'))
@app.route('/folder')
def folder_index():

11
user.py
View File

@ -6,6 +6,17 @@ from web import app
from user_manager import UserManager
from db import User
@app.before_request
def check_admin():
if not request.path.startswith('/user') or request.endpoint in ('login', 'logout'):
return
if request.endpoint == 'add_user' and User.query.filter(User.admin == True).count() == 0:
return
if request.endpoint in ('user_index', 'add_user', 'del_user') and not UserManager.get(session.get('userid'))[1].admin:
return redirect(url_for('index'))
@app.route('/user')
def user_index():
return render_template('users.html', users = User.query.all())