mirror of
https://github.com/moepman/bk-dss
synced 2024-12-22 12:44:27 +01:00
Properly protect create and list functionality
This commit is contained in:
parent
e4ed76957f
commit
3d65393f19
6
dss.py
6
dss.py
@ -89,6 +89,9 @@ def create():
|
||||
if not is_loggedin():
|
||||
return render_template('error.html', message="You are not logged in. Please log in first.", nav=build_nav())
|
||||
|
||||
if not is_admin():
|
||||
return render_template('error.html', message="You do not have administrative privileges. Please log in using an administrative account.", nav=build_nav())
|
||||
|
||||
form = CreateForm()
|
||||
|
||||
if form.validate_on_submit():
|
||||
@ -166,6 +169,9 @@ def list_users():
|
||||
if not is_loggedin():
|
||||
return render_template('error.html', message="You are not logged in. Please log in first.", nav=build_nav())
|
||||
|
||||
if not is_admin():
|
||||
return render_template('error.html', message="You do not have administrative privileges. Please log in using an administrative account.", nav=build_nav())
|
||||
|
||||
l = ldap.initialize(app.config.get('LDAP_URI', 'ldaps://127.0.0.1'))
|
||||
l.simple_bind_s(rdb.hget(session['uuid'], 'user'), rdb.hget(session['uuid'], 'pswd'))
|
||||
sr = l.search_s(app.config.get('LDAP_BASE'), ldap.SCOPE_SUBTREE, '(objectClass=posixAccount)', ['cn'])
|
||||
|
Loading…
Reference in New Issue
Block a user