-- Authentication filter, part 1: resolve the requested route and mark the
-- routes that are served without a logged-in member regardless of the
-- session's access level.
local module = request.get_module()
local view = request.get_view()
local action = request.get_action()

-- Default deny: a route requires an authenticated member unless one of the
-- exemptions in this file clears the flag.
local auth_needed = true

-- Views of the "index" module that do not require authentication.
local public_index_views = {
  ["login"] = true,
  ["register"] = true,
  ["about"] = true,
  ["reset_password"] = true,
  ["send_login"] = true,
  ["confirm_notify_email"] = true,
  ["menu"] = true,
  ["403"] = true,
  ["404"] = true,
  ["405"] = true,
}

-- Actions of the "index" module that do not require authentication.
local public_index_actions = {
  ["login"] = true,
  ["register"] = true,
  ["cancel_register"] = true,
  ["reset_password"] = true,
  ["send_login"] = true,
  ["confirm_notify_email"] = true,
  ["set_lang"] = true,
}

-- Reading a table with a nil key yields nil, so a missing view or action
-- simply fails the lookup, exactly like the string comparison would.
if module == "index" and (public_index_views[view] or public_index_actions[action]) then
  auth_needed = false
end

-- Modules exempted as a whole: every view and action in them skips the
-- member check performed by this filter.
-- NOTE(review): "api" and "oauth2_client" are exempted wholesale, so any
-- access control those modules need has to be enforced inside the modules
-- themselves; that code is not visible here -- confirm it exists.
local public_modules = {
  ["registration"] = true,
  ["style"] = true,
  ["help"] = true,
  ["oauth2_client"] = true,
  ["api"] = true,
}

if public_modules[module] then
  auth_needed = false
end

-- Only these four views of the "oauth2" module are exempted; the rest of the
-- module still requires a member.
local public_oauth2_views = {
  ["validate"] = true,
  ["token"] = true,
  ["session"] = true,
  ["register"] = true,
}

if module == "oauth2" and public_oauth2_views[view] then
  auth_needed = false
end

-- Authentication filter, part 2: exemptions that depend on what the current
-- session is allowed to see, as reported by app.session:has_access(level).
-- Each block only ever clears auth_needed; nothing here sets it back to true.

-- Returns true when the requested module/view pair is listed in `routes`,
-- a table of the form { module_name = { view_name = true, ... }, ... }.
local function route_listed(routes)
  local listed_views = routes[module]
  if listed_views == nil then
    return false
  end
  return listed_views[view] == true
end

-- Read-only views opened up when the session has "anonymous" access.
local anonymous_routes = {
  ["index"] = { ["index"] = true, ["search"] = true, ["usage_terms"] = true },
  ["area"] = { ["show"] = true },
  ["unit"] = { ["show"] = true },
  ["policy"] = { ["show"] = true, ["list"] = true },
  ["issue"] = { ["show"] = true, ["history"] = true },
  ["initiative"] = { ["show"] = true, ["history"] = true },
  ["suggestion"] = { ["show"] = true },
  ["draft"] = { ["diff"] = true, ["show"] = true },
  ["file"] = { ["show.jpg"] = true },
  ["help"] = { ["introduction"] = true },
}

if app.session:has_access("anonymous") then
  -- The "style" module is exempted for every view, not only listed ones.
  if route_listed(anonymous_routes) or module == "style" then
    auth_needed = false
  end
end

-- With "authors_pseudonymous" access only avatar images are exempted; the
-- image_type request parameter is read only for member_image/show requests.
if app.session:has_access("authors_pseudonymous") then
  if module == "member_image" and view == "show" then
    if param.get("image_type") == "avatar" then
      auth_needed = false
    end
  end
end

-- With "everything" access member images of any type are exempted.
if app.session:has_access("everything") then
  if route_listed({ ["member_image"] = { ["show"] = true } }) then
    auth_needed = false
  end
end

-- Voting, interest and member listings opened up by "all_pseudonymous" access.
local pseudonymous_routes = {
  ["vote"] = { ["show_incoming"] = true, ["list"] = true },
  ["member"] = { ["list"] = true },
  ["interest"] = { ["show_incoming"] = true },
}

if app.session:has_access("all_pseudonymous") then
  if route_listed(pseudonymous_routes) then
    auth_needed = false
  end
end

-- Member profile and history pages are exempted only with "everything" access.
if app.session:has_access("everything") then
  if route_listed({ ["member"] = { ["show"] = true, ["history"] = true } }) then
    auth_needed = false
  end
end

-- The sitemap module is always reachable, independent of the access level.
if module == "sitemap" then
  auth_needed = false
end

-- Sends a visitor without a member id from the start page to the unit
-- overview (or to the single configured unit) and stops the filter.
-- NOTE(review): when has_access("anonymous") is true, the anonymous exemption
-- earlier in this file already clears auth_needed for index/index, so this
-- condition looks unreachable unless has_access can answer differently
-- between calls -- confirm, then fix the condition or drop the branch.
local is_anonymous_visitor = app.session:has_access("anonymous") and not app.session.member_id
if is_anonymous_visitor and auth_needed and module == "index" and view == "index" then
  local target = { module = "unit", view = "list" }
  if config.single_unit_id then
    target = { module = "unit", view = "show", id = config.single_unit_id }
  end
  request.redirect(target)
  return
end

-- NOTE(review): disabled debugging stub that would pin the session to a fixed
-- user id. It must stay disabled; it also refers to app.session.user_id while
-- the live code uses member_id/member, so it looks stale and is a candidate
-- for removal from the source tree.
-- if not app.session.user_id then
--   trace.debug("DEBUG: AUTHENTICATION BYPASS ENABLED")
--   app.session.user_id = 1
-- end

-- Authentication filter, part 3: enforce the decision taken above.
--   * member required but none in the session -> redirect to the login view
--   * member required but locked              -> redirect to the login view
--   * otherwise                               -> optional delegation check,
--                                                then run the wrapped request
if auth_needed and app.session.member == nil then
  trace.debug("Not authenticated yet.")

  -- Copy the request parameters so the login view can send the user back to
  -- the page that was originally requested.
  local params = json.object()
  for key, val in pairs(request.get_param_strings()) do
    if type(val) ~= "string" then
      -- shouldn't happen
      error("array type params not implemented")
    end
    params[key] = val
  end

  -- NOTE(review): module, view, id and parameters come straight from the
  -- unauthenticated request and are placed into the redirect to the login
  -- view. The code consuming redirect_* is not visible here; it should treat
  -- these values as untrusted input -- confirm.
  local return_target = {
    redirect_module = module,
    redirect_view = view,
    redirect_id = param.get_id(),
    redirect_params = params
  }
  request.redirect{ module = "index", view = "login", params = return_target }
elseif auth_needed and app.session.member.locked then
  -- The locked flag is only consulted on routes that require authentication;
  -- exempted routes are still served for a locked member.
  trace.debug("Member locked.")
  request.redirect{ module = "index", view = "login" }
else
  -- Routes that remain reachable while a delegation check is pending.
  -- Computed from the already-resolved route only, so evaluating it up front
  -- does not touch the session.
  local exempt_index_views = {
    ["check_delegations"] = true,
    ["about"] = true,
    ["usage_terms"] = true,
  }
  local exempt_index_actions = {
    ["check_delegations"] = true,
    ["logout"] = true,
    ["set_lang"] = true,
  }
  local delegation_check_exempt = module == "admin"
    or (module == "index" and (exempt_index_views[view] or exempt_index_actions[action]))
    or (module == "member_image" and view == "show")

  -- With hard delegation checks configured, a logged-in member who still
  -- needs to confirm delegations is sent to that page first.
  if config.check_delegations_interval_hard
    and app.session.member_id
    and app.session.needs_delegation_check
    and not delegation_check_exempt
  then
    request.redirect{ module = "index", view = "check_delegations" }
    return
  end

  trace.debug(auth_needed and "Authentication accepted." or "No authentication needed.")

  --db:query("SELECT check_everything()")

  -- Hand over to the wrapped request handling.
  execute.inner()
  trace.debug("End of authentication filter.")
end
