
annotate app/main/_filter/21_auth.lua @ 1660:cbce4491c93e

Redirect to login from index page when no access rights
author bsw
date Sun Feb 14 13:35:16 2021 +0100 (2021-02-14)
parents a0b791073159
children 446d2798f424
-- Authentication filter: decides, before the inner handler runs
-- (execute.inner() at the end of this file), whether the current request
-- needs a logged-in member. The route is identified by module/view/action
-- names taken from the request.
local module = request.get_module()
local view = request.get_view()
local action = request.get_action()

-- Default-deny: every route requires a logged-in member unless one of the
-- exemptions further down explicitly flips this to false. Any new
-- "auth_needed = false" is therefore an authorization decision.
local auth_needed = true

-- Allowlist of routes reachable without a logged-in member, independent of
-- any access level the session may have. Everything not listed here keeps
-- auth_needed = true and is redirected to the login form at the bottom of
-- this file.

-- index module: views that are part of the login / registration / password
-- reset / login-by-mail flow, plus help and the error pages.
local public_index_views = {
  login = true,
  register = true,
  about = true,
  reset_password = true,
  send_login = true,
  confirm_notify_email = true,
  menu = true,
  ["403"] = true,
  ["404"] = true,
  ["405"] = true,
}

-- index module: actions belonging to the same flows.
local public_index_actions = {
  login = true,
  register = true,
  cancel_register = true,
  reset_password = true,
  send_login = true,
  confirm_notify_email = true,
  set_lang = true,
}

-- Modules exempted as a whole, for every view and action.
-- NOTE(review): this filter never asks for a login for any route in these
-- modules, so each of them has to enforce its own access control (e.g. a
-- token check in "api"); that is not verifiable from this file.
local public_modules = {
  registration = true,
  style = true,
  help = true,
  oauth2_client = true,
  api = true,
}

-- oauth2 module: only the validation / token / session / registration
-- endpoints are public; other oauth2 views still need a logged-in member.
local public_oauth2_views = {
  validate = true,
  token = true,
  session = true,
  register = true,
}

-- Indexing with a nil view/action/module simply yields nil, so a request
-- without one of these names stays on the default-deny path.
if module == "index" then
  if public_index_views[view] or public_index_actions[action] then
    auth_needed = false
  end
elseif public_modules[module] then
  auth_needed = false
elseif module == "oauth2" and public_oauth2_views[view] then
  auth_needed = false
end

-- Exemptions that depend on the access level granted to the current session
-- (app.session:has_access(level)). Each level unlocks a fixed set of views;
-- no action is exempted by this section. The has_access calls are made in the
-- same order as before.

-- Views readable by anyone when the session has "anonymous" access.
local anonymous_views = {
  index      = { index = true, search = true, usage_terms = true },
  area       = { show = true },
  unit       = { show = true },
  policy     = { show = true, list = true },
  issue      = { show = true, history = true },
  initiative = { show = true, history = true },
  suggestion = { show = true },
  draft      = { diff = true, show = true },
  file       = { ["show.jpg"] = true },
  help       = { introduction = true },
}

-- Views readable under "all_pseudonymous" access.
local all_pseudonymous_views = {
  vote     = { show_incoming = true, list = true },
  member   = { list = true },
  interest = { show_incoming = true },
}

-- True when `views[module]` lists the current view; a nil module or view
-- yields false rather than an error.
local function listed(views)
  local module_views = views[module]
  return module_views ~= nil and module_views[view] == true
end

if app.session:has_access("anonymous") then
  -- The whole "style" module plus the read-only views above.
  if module == "style" or listed(anonymous_views) then
    auth_needed = false
  end
end

if app.session:has_access("authors_pseudonymous") then
  -- Avatars only; the image_type value comes from the request and is merely
  -- compared here, so a caller cannot widen the exemption with it.
  if module == "member_image" and view == "show" and param.get("image_type") == "avatar" then
    auth_needed = false
  end
end

if app.session:has_access("everything") then
  -- All member images, not just avatars.
  if module == "member_image" and view == "show" then
    auth_needed = false
  end
end

if app.session:has_access("all_pseudonymous") then
  if listed(all_pseudonymous_views) then
    auth_needed = false
  end
end

if app.session:has_access("everything") then
  -- Second "everything" check, kept separate so the call sequence matches
  -- the previous code; it could be merged with the one above.
  if module == "member" and (view == "show" or view == "history") then
    auth_needed = false
  end
end

-- The sitemap is public regardless of session state.
if module == "sitemap" then
  auth_needed = false
end

-- An anonymous visitor (session with "anonymous" access but no member) who
-- opens the start page while a login would still be required is sent to the
-- unit overview -- or straight to the single configured unit -- instead of
-- the login form.
-- NOTE(review): the "anonymous" exemption above already clears auth_needed
-- for index/index, so this branch looks unreachable as written; confirm
-- before relying on it.
local anonymous_on_start_page =
  app.session:has_access("anonymous")
  and not app.session.member_id
  and auth_needed
  and module == "index" and view == "index"

if anonymous_on_start_page then
  local target
  if config.single_unit_id then
    target = { module = "unit", view = "show", id = config.single_unit_id }
  else
    target = { module = "unit", view = "list" }
  end
  request.redirect(target)
  return
end

-- Commented-out, development-only authentication bypass. It must stay
-- disabled: enabling it would treat every request as user 1. Note that it
-- sets app.session.user_id, while the live checks below consult
-- app.session.member and app.session.member_id, so it is stale as well as
-- dangerous.
-- if not app.session.user_id then
--   trace.debug("DEBUG: AUTHENTICATION BYPASS ENABLED")
--   app.session.user_id = 1
-- end

-- Collects the current request's parameters into a JSON object so the login
-- view can send the member back to the originally requested page.
-- NOTE(review): a non-string value raises an error, which presumably ends the
-- request with a server error; whether the framework can ever hand out
-- non-string values here is not visible in this file.
local function redirect_params()
  local params = json.object()
  for key, val in pairs(request.get_param_strings()) do
    if type(val) ~= "string" then
      -- shouldn't happen
      error("array type params not implemented")
    end
    params[key] = val
  end
  return params
end

-- Routes that stay usable while a hard delegation check is pending, so the
-- member can complete the check, log out, read the terms or switch language.
local function delegation_check_exempt()
  if module == "admin" then
    return true
  end
  if module == "member_image" and view == "show" then
    return true
  end
  if module == "index" then
    return view == "check_delegations"
      or action == "check_delegations"
      or action == "logout"
      or view == "about"
      or view == "usage_terms"
      or action == "set_lang"
  end
  return false
end

if auth_needed and app.session.member == nil then
  -- No member in the session: show the login form and remember the
  -- requested route. The return target is passed as module/view names plus
  -- the request parameters; the login view presumably resolves these into an
  -- internal route -- confirm it never treats them as a raw URL.
  trace.debug("Not authenticated yet.")
  local params = redirect_params()
  request.redirect{
    module = 'index', view = 'login', params = {
      redirect_module = module,
      redirect_view = view,
      redirect_id = param.get_id(),
      redirect_params = params
    }
  }
elseif auth_needed and app.session.member.locked then
  -- A locked account is bounced to the login form without a return target.
  -- NOTE(review): nothing here clears the session; what the login view does
  -- with an existing session is not visible in this file.
  trace.debug("Member locked.")
  request.redirect{ module = 'index', view = 'login' }
else
  -- Logged-in member with a pending hard delegation check is forced to the
  -- check page before reaching anything but the exempted routes.
  local delegation_check_due =
    config.check_delegations_interval_hard
    and app.session.member_id
    and app.session.needs_delegation_check
    and not delegation_check_exempt()
  if delegation_check_due then
    request.redirect{ module = 'index', view = 'check_delegations' }
    return
  end

  if auth_needed then
    trace.debug("Authentication accepted.")
  else
    trace.debug("No authentication needed.")
  end

  --db:query("SELECT check_everything()")

  -- Run the actual request handler.
  execute.inner()
  trace.debug("End of authentication filter.")
end

