mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-30 01:37:17 +00:00
fix: [API ACL] avoid user_no_api users to access the API
This commit is contained in:
parent
1c991aa792
commit
e6a2655d31
1 changed files with 4 additions and 0 deletions
|
@ -68,6 +68,10 @@ def get_user_from_token(token):
|
||||||
return r_serv_db.hget('user:tokens', token)
|
return r_serv_db.hget('user:tokens', token)
|
||||||
|
|
||||||
def verify_user_role(role, token):
|
def verify_user_role(role, token):
|
||||||
|
# User without API
|
||||||
|
if role == 'user_no_api':
|
||||||
|
return False
|
||||||
|
|
||||||
user_id = get_user_from_token(token)
|
user_id = get_user_from_token(token)
|
||||||
if user_id:
|
if user_id:
|
||||||
if is_in_role(user_id, role):
|
if is_in_role(user_id, role):
|
||||||
|
|
Loading…
Reference in a new issue