liquid_feedback_frontend
view app/main/_filter/21_auth.lua @ 75:733f65c0c0a0
Bugfixes, feature enhancements, code-cleanup, and major work on API
Details:
- API
-- Allow relation name to be passed to helper function util.autoapi{...}
-- Added area API
-- Bugfixes in API
--- Correctly return initiatives (bug #162)
--- Correctly process "id" parameter for initiative API
--- Bugfix related to "state" parameter (bug #165)
--- Changed constant "discussion" to "accepted" (in model/issue.lua, used by API)
--- Fixed JSON encoding in auto_api (bug #181)
--- Ignore list filter "voted" in case of public access
--- Enable access to API without session
- Work on RSS feed (incomplete yet)
- Other bugfixes
-- Handle empty browser identification string
-- Handle invalid date in member/update.lua (bugs #24 #109 #115 #136)
-- Better handle errors while converting uploaded images. (bug #79 +5 duplicates)
-- Don't display revoked initiatives in list of new drafts (bug #134)
-- Fixed syntax error in app/main/member/_action/update_name.lua throwing unexpected error, when new name was too short
-- Do not display refresh support button for revoked initiatives
-- Repaired issue search (bug #150)
-- Fixed typos in german translation files
--- "initi(i)erte"
--- "Er(g)eignisse" (bug #161)
- Code cleanup
-- Removed deprecated motd files locale/motd/de.txt and locale/motd/de_public.txt
-- Removed redundant code in app/main/index/_updated_drafts.lua
- New features and (optical) enhancements
-- Support change of notify email; notification of not approved address added to start page
-- Settings dialog splitted into single pages
-- Mark deactivated members
-- Calendar for birthday selection in profile
-- Policy list public readable when public access is enabled
Details:
- API
-- Allow relation name to be passed to helper function util.autoapi{...}
-- Added area API
-- Bugfixes in API
--- Correctly return initiatives (bug #162)
--- Correctly process "id" parameter for initiative API
--- Bugfix related to "state" parameter (bug #165)
--- Changed constant "discussion" to "accepted" (in model/issue.lua, used by API)
--- Fixed JSON encoding in auto_api (bug #181)
--- Ignore list filter "voted" in case of public access
--- Enable access to API without session
- Work on RSS feed (incomplete yet)
- Other bugfixes
-- Handle empty browser identification string
-- Handle invalid date in member/update.lua (bugs #24 #109 #115 #136)
-- Better handle errors while converting uploaded images. (bug #79 +5 duplicates)
-- Don't display revoked initiatives in list of new drafts (bug #134)
-- Fixed syntax error in app/main/member/_action/update_name.lua throwing unexpected error, when new name was too short
-- Do not display refresh support button for revoked initiatives
-- Repaired issue search (bug #150)
-- Fixed typos in german translation files
--- "initi(i)erte"
--- "Er(g)eignisse" (bug #161)
- Code cleanup
-- Removed deprecated motd files locale/motd/de.txt and locale/motd/de_public.txt
-- Removed redundant code in app/main/index/_updated_drafts.lua
- New features and (optical) enhancements
-- Support change of notify email; notification of not approved address added to start page
-- Settings dialog splitted into single pages
-- Mark deactivated members
-- Calendar for birthday selection in profile
-- Policy list public readable when public access is enabled
| author | bsw |
|---|---|
| date | Thu Jul 08 18:44:02 2010 +0200 (2010-07-08) |
| parents | 88ac7798b562 |
| children | 49b0da970463 |
line source
1 local auth_needed = not (
2 request.get_module() == 'index'
3 and (
4 request.get_view() == "login"
5 or request.get_action() == "login"
6 or request.get_view() == "register"
7 or request.get_action() == "register"
8 or request.get_view() == "about"
9 or request.get_view() == "reset_password"
10 or request.get_action() == "reset_password"
11 or request.get_view() == "confirm_notify_email"
12 or request.get_action() == "confirm_notify_email"
13 or request.get_action() == "set_lang"
14 )
15 or request.get_module() == "openid"
16 )
18 if config.public_access then
20 if
21 request.get_module() == "area" and (
22 request.get_view() == "list"
23 or request.get_view() == "show"
24 or request.get_view() == "show_tab"
25 )
26 or request.get_module() == "policy" and request.get_view() == "show"
27 or request.get_module() == "policy" and request.get_view() == "list"
28 or request.get_module() == "issue" and request.get_view() == "show"
29 or request.get_module() == "issue" and request.get_view() == "show_tab"
30 or request.get_module() == "initiative" and request.get_view() == "show"
31 or request.get_module() == "initiative" and request.get_view() == "show_partial"
32 or request.get_module() == "initiative" and request.get_view() == "show_tab"
33 or request.get_module() == "initiative" and request.get_view() == "show.rss"
34 or request.get_module() == "suggestion" and request.get_view() == "show"
35 or request.get_module() == "draft" and request.get_view() == "diff"
36 then
37 auth_needed = false
38 end
40 end
42 if config.api_enabled and request.get_module() == "api" then
43 auth_needed = false
44 end
46 if config.public_access and not app.session.member_id and auth_needed and request.get_module() == "index" and request.get_view() == "index" then
47 request.redirect{ module = "area", view = "list" }
48 return
49 end
51 -- if not app.session.user_id then
52 -- trace.debug("DEBUG: AUTHENTICATION BYPASS ENABLED")
53 -- app.session.user_id = 1
54 -- end
56 if auth_needed and app.session.member == nil then
57 trace.debug("Not authenticated yet.")
58 request.redirect{ module = 'index', view = 'login' }
59 elseif auth_needed and app.session.member.locked then
60 trace.debug("Member locked.")
61 request.redirect{ module = 'index', view = 'login' }
62 else
63 if auth_needed then
64 trace.debug("Authentication accepted.")
65 else
66 trace.debug("No authentication needed.")
67 end
69 --db:query("SELECT check_everything()")
71 execute.inner()
72 trace.debug("End of authentication filter.")
73 end