liquid_feedback_frontend

view app/main/_filter/21_auth.lua @ 1820:2e5b303ea68e

Better handling of use terms, added view for privacy policy
author bsw
date Wed Jan 26 00:33:21 2022 +0100 (2022-01-26)
parents c28ff4a85ded
children 7978d87b3552
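-- Authentication filter: decides whether the requested module/view/action
-- may be served to the current session, and otherwise redirects to the
-- login flow (or to the pending delegation check). The filter is
-- default-deny: anything not matched by an allowlist below needs an
-- authenticated, unlocked member before execute.inner() runs.
local module = request.get_module()
local view = request.get_view()
local action = request.get_action()

-- Flipped to false only by the explicit exemptions that follow.
local auth_needed = true

-- "index" views/actions that must work without a session: login,
-- registration, password reset, e-mail confirmation, language switch and
-- the error pages.
local public_index_views = {
  login = true, register = true, about = true, reset_password = true,
  send_login = true, confirm_notify_email = true, menu = true,
  ["403"] = true, ["404"] = true, ["405"] = true,
}
local public_index_actions = {
  login = true, register = true, cancel_register = true,
  reset_password = true, send_login = true, confirm_notify_email = true,
  set_lang = true,
}

-- Modules that are exempt as a whole (registration flow, static style
-- files, help pages, the OAuth2 client, the API and the sitemap).
local public_modules = {
  registration = true, style = true, help = true,
  oauth2_client = true, api = true, sitemap = true,
}

-- OAuth2 endpoints that clients call before a session exists.
local public_oauth2_views = {
  validate = true, token = true, session = true, register = true,
}

-- Indexing with a nil view/action is safe here: a nil key reads as nil.
if module == "index" and (public_index_views[view] or public_index_actions[action]) then
  auth_needed = false
end

if public_modules[module] then
  auth_needed = false
end

if module == "oauth2" and public_oauth2_views[view] then
  auth_needed = false
end

-- Read-only views that become public when the instance grants anonymous
-- access. Use terms and privacy policy are only exempt when the instance
-- opted in via config.use_terms_public_access.
if app.session:has_access("anonymous") then
  local public_for_anonymous = {
    index = {
      index = true,
      search = true,
      usage_terms = config.use_terms_public_access == true,
      privacy = config.use_terms_public_access == true,
    },
    area = { show = true },
    unit = { show = true },
    issue = { show = true, history = true },
    initiative = { show = true, history = true },
    suggestion = { show = true },
    draft = { diff = true, show = true },
    file = { ["show.jpg"] = true },
    help = { introduction = true },
  }
  local views = public_for_anonymous[module]
  if module == "style" or (views and views[view]) then
    auth_needed = false
  end
end

-- Avatars are visible to pseudonymous authors; the image_type parameter is
-- only consulted for this one view.
if app.session:has_access("authors_pseudonymous") then
  if module == "member_image" and view == "show" and param.get("image_type") == "avatar" then
    auth_needed = false
  end
end

-- Full access: every member image type plus member profile and history.
-- (Previously two separate "everything" checks; merged into one.)
if app.session:has_access("everything") then
  if module == "member_image" and view == "show"
    or module == "member" and (view == "show" or view == "history") then
    auth_needed = false
  end
end

if app.session:has_access("all_pseudonymous") then
  if module == "vote" and (view == "show_incoming" or view == "list")
    or module == "member" and view == "list"
    or module == "interest" and view == "show_incoming" then
    auth_needed = false
  end
end

-- Anonymous visitors without a member account never get the member
-- dashboard; send them to the (single) unit instead of the login page.
if app.session:has_access("anonymous") and not app.session.member_id
  and auth_needed and module == "index" and view == "index" then
  if app.single_unit_id then
    request.redirect{ module = "unit", view = "show", id = app.single_unit_id }
  else
    request.redirect{ module = "unit", view = "list" }
  end
  return
end

if auth_needed and app.session.member == nil then
  trace.debug("Not authenticated yet.")
  -- Carry the requested query parameters through the login redirect so
  -- the user lands on the originally requested page afterwards.
  local params = json.object()
  for key, val in pairs(request.get_param_strings()) do
    if type(val) == "string" then
      params[key] = val
    else
      -- NOTE(review): reachable by an unauthenticated client that sends a
      -- multi-valued parameter; this surfaces as an error rather than a
      -- redirect to login. Consider dropping such values instead.
      error("array type params not implemented")
    end
  end
  if config.login and config.login.method == "oauth2" then
    request.redirect{
      module = "oauth2_client",
      view = "redirect",
      params = { provider = config.login.provider }
    }
  else
    request.redirect{
      module = 'index', view = 'login', params = {
        redirect_module = module,
        redirect_view = view,
        redirect_id = param.get_id(),
        redirect_params = params
      }
    }
  end
elseif auth_needed and app.session.member.locked then
  -- A locked member is treated like an unauthenticated one, without
  -- preserving the requested page.
  trace.debug("Member locked.")
  request.redirect{ module = 'index', view = 'login' }
else
  -- Members with a pending delegation check are forced through the check
  -- view first, except for the pages needed to complete it, to log out,
  -- to switch language or to read the about page / use terms.
  -- NOTE(review): "privacy" is not exempt here while "usage_terms" is;
  -- confirm whether that is intended.
  local exempt_from_delegation_check =
    module == "admin"
    or (module == "member_image" and view == "show")
    or (module == "index" and (
      view == "check_delegations"
      or action == "check_delegations"
      or action == "logout"
      or view == "about"
      or view == "usage_terms"
      or action == "set_lang"))
  if config.check_delegations_interval_hard and app.session.member_id
    and app.session.needs_delegation_check and not exempt_from_delegation_check then
    request.redirect{ module = 'index', view = 'check_delegations' }
    return
  end
  if auth_needed then
    trace.debug("Authentication accepted.")
  else
    trace.debug("No authentication needed.")
  end

  execute.inner()
  trace.debug("End of authentication filter.")
end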
