AIL/ail-framework
7
0
Fork 0
mirror of https://github.com/ail-project/ail-framework.git synced 2024-11-10 00:28:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: [API ACL] avoid user_no_api users to access the API

Browse source
This commit is contained in:
Terrtia 2021-02-23 15:28:15 +01:00
parent 1c991aa792
commit e6a2655d31
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
var/www/modules/restApi/Flask_restApi.py
View file

@ -68,6 +68,10 @@ def get_user_from_token(token):
return r_serv_db.hget('user:tokens', token)
def verify_user_role(role, token):
# User without API
if role == 'user_no_api':
return False
user_id = get_user_from_token(token)
if user_id:
if is_in_role(user_id, role):