mirror of
https://github.com/ail-project/ail-framework.git
synced 2024-11-10 00:28:22 +00:00
fix: [API ACL] avoid user_no_api users to access the API
This commit is contained in:
parent
1c991aa792
commit
e6a2655d31
1 changed files with 4 additions and 0 deletions
|
@ -68,6 +68,10 @@ def get_user_from_token(token):
|
|||
return r_serv_db.hget('user:tokens', token)
|
||||
|
||||
def verify_user_role(role, token):
|
||||
# User without API
|
||||
if role == 'user_no_api':
|
||||
return False
|
||||
|
||||
user_id = get_user_from_token(token)
|
||||
if user_id:
|
||||
if is_in_role(user_id, role):
|
||||
|
|
Loading…
Reference in a new issue