liquid_feedback_frontend

view app/main/_filter/21_auth.lua @ 884:a1c7858c15e9

find changesets by author, revision, files, or words in the commit message
Show voting ballot from access_level all_pseudonymous and up
author bsw
date Mon Aug 20 01:29:18 2012 +0200 (2012-08-20)
parents ea3d3757ddc3
children 403e8c211592
line source
1 local module = request.get_module()
2 local view = request.get_view()
3 local action = request.get_action()
4
5 local auth_needed = not (
6 module == 'index'
7 and (
8 view == "index"
9 or view == "login"
10 or action == "login"
11 or view == "register"
12 or action == "register"
13 or view == "about"
14 or view == "reset_password"
15 or action == "reset_password"
16 or view == "confirm_notify_email"
17 or action == "confirm_notify_email"
18 or view == "menu"
19 or action == "set_lang"
20 )
21 )
22
23 if app.session:has_access("anonymous") then
24
25 if
26 module == "area" and view == "show"
27 or module == "unit" and view == "show"
28 or module == "policy" and view == "show"
29 or module == "policy" and view == "list"
30 or module == "issue" and view == "show"
31 or module == "initiative" and view == "show"
32 or module == "suggestion" and view == "show"
33 or module == "draft" and view == "diff"
34 or module == "draft" and view == "show"
35 or module == "draft" and view == "list"
36 or module == "index" and view == "search"
37 or module == "index" and view == "usage_terms"
38 then
39 auth_needed = false
40 end
41
42 end
43
44 if app.session:has_access("all_pseudonymous") then
45 if module == "member_image" and view == "show"
46 or module == "vote" and view == "show_incoming"
47 or module == "interest" and view == "show_incoming"
48 or module == "supporter" and view == "show_incoming"
49 or module == "vote" and view == "list" then
50 auth_needed = false
51 end
52 end
53
54 if app.session:has_access("everything") then
55 if module == "member" and (view == "show" or view == "history") then
56 auth_needed = false
57 end
58 end
59
60 if module == "sitemap" then
61 auth_needed = false
62 end
63
64 if app.session:has_access("anonymous") and not app.session.member_id and auth_needed and module == "index" and view == "index" then
65 if config.single_unit_id then
66 request.redirect{ module = "unit", view = "show", id = config.single_unit_id }
67 else
68 request.redirect{ module = "unit", view = "list" }
69 end
70 return
71 end
72
73 -- if not app.session.user_id then
74 -- trace.debug("DEBUG: AUTHENTICATION BYPASS ENABLED")
75 -- app.session.user_id = 1
76 -- end
77
78 if auth_needed and app.session.member == nil then
79 trace.debug("Not authenticated yet.")
80 request.redirect{
81 module = 'index', view = 'login', params = {
82 redirect_module = module,
83 redirect_view = view,
84 redirect_id = param.get_id()
85 }
86 }
87 elseif auth_needed and app.session.member.locked then
88 trace.debug("Member locked.")
89 request.redirect{ module = 'index', view = 'login' }
90 else
91 if auth_needed then
92 trace.debug("Authentication accepted.")
93 else
94 trace.debug("No authentication needed.")
95 end
96
97 --db:query("SELECT check_everything()")
98
99 execute.inner()
100 trace.debug("End of authentication filter.")
101 end
102

Impressum / About Us