liquid_feedback_frontend

view app/main/_filter/21_auth.lua @ 1858:3d1f0464a3ea

Handle missing ldap.member.allowed function
author bsw
date Tue Sep 20 17:35:29 2022 +0200 (20 months ago)
parents d1ef89bd250c
-- Authentication filter.
-- Decides whether the requested module/view/action may be served without a
-- logged-in member; otherwise the request is redirected to a login page.
-- The decision is fail-closed: auth_needed starts out true and is only ever
-- cleared by the explicit allow rules below, so an unlisted module or view
-- always requires authentication.
local req_module = request.get_module()
local req_view = request.get_view()
local req_action = request.get_action()

local auth_needed = true

-- Turns a list of names into a lookup set (name -> true).
local function set_of(names)
  local set = {}
  for i = 1, #names do
    set[names[i]] = true
  end
  return set
end

-- Views/actions of the "index" module that are reachable without a session.
local index_public_views = set_of{
  "login", "register", "about", "reset_password", "send_login",
  "confirm_notify_email", "menu", "403", "404", "405"
}
local index_public_actions = set_of{
  "login", "register", "cancel_register", "reset_password", "send_login",
  "confirm_notify_email", "set_lang"
}

if req_module == "index" then
  if index_public_views[req_view]
    or index_public_actions[req_action]
    -- Terms and privacy pages are public only when the flag is exactly `true`.
    or (req_view == "usage_terms" and config.use_terms_public_access == true)
    or (req_view == "privacy" and config.privacy_policy_public_access == true)
  then
    auth_needed = false
  end
end

-- Modules this filter never protects, whatever the view or action.
-- NOTE(review): "api" and "oauth2_client" are let through unconditionally;
-- presumably those modules enforce their own access control. Confirm
-- against their handlers, because nothing in this filter checks them.
local public_modules = set_of{
  "registration", "style", "help", "oauth2_client", "api", "sitemap"
}
if public_modules[req_module] then
  auth_needed = false
end

-- OAuth2 endpoints that must be callable without a member session.
local oauth2_public_views = set_of{ "validate", "token", "session", "register" }
if req_module == "oauth2" and oauth2_public_views[req_view] then
  auth_needed = false
end

-- Read-only views opened up when the session has "anonymous" access.
-- The "help" entry and the "style" test below are redundant with
-- public_modules above and are kept only to mirror the original rule list.
local anonymous_views = {
  index = set_of{ "index", "search", "usage_terms", "privacy" },
  area = set_of{ "show" },
  unit = set_of{ "show" },
  issue = set_of{ "show", "history" },
  initiative = set_of{ "show", "history" },
  suggestion = set_of{ "show" },
  draft = set_of{ "diff", "show" },
  file = set_of{ "show.jpg" },
  help = set_of{ "introduction" },
}
if app.session:has_access("anonymous") then
  local allowed_views = anonymous_views[req_module]
  if (allowed_views and allowed_views[req_view]) or req_module == "style" then
    auth_needed = false
  end
end

-- Member images: avatars only at "authors_pseudonymous", any image type at
-- "everything".
if app.session:has_access("authors_pseudonymous") then
  if req_module == "member_image" and req_view == "show"
    and param.get("image_type") == "avatar"
  then
    auth_needed = false
  end
end

if app.session:has_access("everything") then
  if req_module == "member_image" and req_view == "show" then
    auth_needed = false
  end
end

-- Voting, interest and member listings at "all_pseudonymous".
local pseudonymous_views = {
  vote = set_of{ "show_incoming", "list" },
  member = set_of{ "list" },
  interest = set_of{ "show_incoming" },
}
if app.session:has_access("all_pseudonymous") then
  local allowed_views = pseudonymous_views[req_module]
  if allowed_views and allowed_views[req_view] then
    auth_needed = false
  end
end

-- Individual member pages only at "everything".
if app.session:has_access("everything") then
  if req_module == "member" and (req_view == "show" or req_view == "history") then
    auth_needed = false
  end
end

-- Start page redirect for anonymous visitors.
-- NOTE(review): this branch looks unreachable. Whenever has_access("anonymous")
-- is true and the request is index/index, the anonymous rule above has already
-- cleared auth_needed, so the `auth_needed` term here is false (assuming
-- has_access returns the same answer on both calls). Confirm the intent before
-- changing it: dropping the `auth_needed` term would alter what anonymous
-- visitors see on the start page.
if app.session:has_access("anonymous")
  and not app.session.member_id
  and auth_needed
  and req_module == "index" and req_view == "index"
then
  local unit_id = app.single_unit_id
  local target
  if unit_id then
    target = { module = "unit", view = "show", id = unit_id }
  else
    target = { module = "unit", view = "list" }
  end
  request.redirect(target)
  return
end

-- NOTE(review): disabled debugging aid that would set a fixed user id on the
-- session. Delete it rather than keeping it as a commented-out toggle, since
-- one uncomment would disable authentication.
-- if not app.session.user_id then
--   trace.debug("DEBUG: AUTHENTICATION BYPASS ENABLED")
--   app.session.user_id = 1
-- end

-- Final decision. The if/elseif/else shape is deliberate: execute.inner() sits
-- only in the last branch, so neither deny branch can fall through to it.
if auth_needed and app.session.member == nil then
  trace.debug("Not authenticated yet.")

  -- Copy the request parameters so the login view can resume the request.
  -- NOTE(review): the copy is built (and may raise) even on the OAuth2 path
  -- below, where it is not used.
  local saved_params = json.object()
  for name, value in pairs(request.get_param_strings()) do
    if type(value) ~= "string" then
      -- shouldn't happen
      error("array type params not implemented")
    end
    saved_params[name] = value
  end

  if config.login and config.login.method == "oauth2" then
    request.redirect{
      module = "oauth2_client",
      view = "redirect",
      params = { provider = config.login.provider }
    }
  else
    -- NOTE(review): redirect_module/view/id/params are taken from the current
    -- request. The code that consumes them after login is not visible here;
    -- verify that it validates the target before redirecting.
    local login_params = {
      redirect_module = req_module,
      redirect_view = req_view,
      redirect_id = param.get_id(),
      redirect_params = saved_params
    }
    request.redirect{ module = "index", view = "login", params = login_params }
  end

elseif auth_needed and app.session.member.locked then
  -- The lock is enforced only for requests that need authentication; a locked
  -- member still reaches the branch below for requests that do not.
  trace.debug("Member locked.")
  request.redirect{ module = "index", view = "login" }

else
  -- Requests that stay reachable while a hard delegation check is pending, so
  -- the member can complete the check, log out, switch language or read the
  -- about/terms pages.
  local check_exempt_views = set_of{ "check_delegations", "about", "usage_terms" }
  local check_exempt_actions = set_of{ "check_delegations", "logout", "set_lang" }
  local delegation_check_exempt =
    req_module == "admin"
    or (req_module == "index"
      and (check_exempt_views[req_view] or check_exempt_actions[req_action]))
    or (req_module == "member_image" and req_view == "show")

  if config.check_delegations_interval_hard
    and app.session.member_id
    and app.session.needs_delegation_check
    and not delegation_check_exempt
  then
    request.redirect{ module = "index", view = "check_delegations" }
    return
  end

  if auth_needed then
    trace.debug("Authentication accepted.")
  else
    trace.debug("No authentication needed.")
  end

  --db:query("SELECT check_everything()")

  -- Continue processing the request behind this filter.
  execute.inner()
  trace.debug("End of authentication filter.")
end
