liquid_feedback_frontend
changeset 1540:b0b557858fd8
Fixed access to non-existing session object in auth filter
author | bsw |
---|---|
date | Tue Oct 20 17:58:07 2020 +0200 (2020-10-20) |
parents | 52185c8f5746 |
children | 1eaea27130bc |
files | app/main/_filter/21_auth.lua |
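--- a/app/main/_filter/21_auth.lua
+++ b/app/main/_filter/21_auth.lua
@@ -56,70 +56,70 @@
 auth_needed = false
 end

-if app.session:has_access("anonymous") then
+if app.session then
+
+ if app.session:has_access("anonymous") then

- if
- module == "index" and view == "index"
- or module == "area" and view == "show"
- or module == "unit" and view == "show"
- or module == "policy" and view == "show"
- or module == "policy" and view == "list"
- or module == "issue" and view == "show"
- or module == "issue" and view == "history"
- or module == "initiative" and view == "show"
- or module == "initiative" and view == "history"
- or module == "suggestion" and view == "show"
- or module == "draft" and view == "diff"
- or module == "draft" and view == "show"
- or module == "file" and view == "show.jpg"
- or module == "index" and view == "search"
- or module == "index" and view == "usage_terms"
- or module == "help" and view == "introduction"
- or module == "style"
- then
- auth_needed = false
+ if
+ module == "index" and view == "index"
+ or module == "area" and view == "show"
+ or module == "unit" and view == "show"
+ or module == "policy" and view == "show"
+ or module == "policy" and view == "list"
+ or module == "issue" and view == "show"
+ or module == "issue" and view == "history"
+ or module == "initiative" and view == "show"
+ or module == "initiative" and view == "history"
+ or module == "suggestion" and view == "show"
+ or module == "draft" and view == "diff"
+ or module == "draft" and view == "show"
+ or module == "file" and view == "show.jpg"
+ or module == "index" and view == "search"
+ or module == "index" and view == "usage_terms"
+ or module == "help" and view == "introduction"
+ or module == "style"
+ then
+ auth_needed = false
+ end
+
 end

-end
-
-if app.session:has_access("authors_pseudonymous") then
- if module == "member_image" and view == "show" and param.get("image_type") == "avatar" then
- auth_needed = false
+ if app.session:has_access("authors_pseudonymous") then
+ if module == "member_image" and view == "show" and param.get("image_type") == "avatar" then
+ auth_needed = false
+ end
 end
-end

-if app.session:has_access("everything") then
- if module == "member_image" and view == "show" then
- auth_needed = false
+ if app.session:has_access("everything") then
+ if module == "member_image" and view == "show" then
+ auth_needed = false
+ end
 end
-end

-if app.session:has_access("all_pseudonymous") then
- if module == "vote" and view == "show_incoming"
- or module == "member" and view == "list"
- or module == "interest" and view == "show_incoming"
- or module == "vote" and view == "list" then
- auth_needed = false
- end
-end
-
-if app.session:has_access("everything") then
- if module == "member" and (view == "show" or view == "history") then
- auth_needed = false
+ if app.session:has_access("all_pseudonymous") then
+ if module == "vote" and view == "show_incoming"
+ or module == "member" and view == "list"
+ or module == "interest" and view == "show_incoming"
+ or module == "vote" and view == "list" then
+ auth_needed = false
+ end
 end
-end

-if module == "sitemap" then
- auth_needed = false
-end
+ if app.session:has_access("everything") then
+ if module == "member" and (view == "show" or view == "history") then
+ auth_needed = false
+ end
+ end

-if app.session:has_access("anonymous") and not app.session.member_id and auth_needed and module == "index" and view == "index" then
- if config.single_unit_id then
- request.redirect{ module = "unit", view = "show", id = config.single_unit_id }
- else
- request.redirect{ module = "unit", view = "list" }
+ if app.session:has_access("anonymous") and not app.session.member_id and auth_needed and module == "index" and view == "index" then
+ if config.single_unit_id then
+ request.redirect{ module = "unit", view = "show", id = config.single_unit_id }
+ else
+ request.redirect{ module = "unit", view = "list" }
+ end
+ return
 end
- return
+
 end

 -- if not app.session.user_id then
@@ -127,7 +127,7 @@
 -- app.session.user_id = 1
 -- end

-if auth_needed and app.session.member == nil then
+if auth_needed and not app.session or not app.session.member then
 trace.debug("Not authenticated yet.")
 local params = json.object()
 for key, val in pairs(request.get_param_strings()) do
@@ -149,7 +149,7 @@
 elseif auth_needed and app.session.member.locked then
 trace.debug("Member locked.")
 request.redirect{ module = 'index', view = 'login' }
-else
+elseif app.session then
 if config.check_delegations_interval_hard and app.session.member_id and app.session.needs_delegation_check
 and not (module == "admin" or (module == "index" and (
 view == "check_delegations"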
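Review bot: The rewritten guard in the second hunk, `if auth_needed and not app.session or not app.session.member then`, parses in Lua as `(auth_needed and not app.session) or (not app.session.member)`, because `and` binds tighter than `or`. When there is no session and `auth_needed` is false, evaluation reaches `app.session.member` and indexes nil, which is the error this changeset sets out to remove; when a session exists without a member, the not-authenticated branch is entered even for views the filter has just marked as public. Parenthesise the session test: `if auth_needed and (not app.session or not app.session.member) then`. Separately, the first hunk removes the `if module == "sitemap" then auth_needed = false end` exemption without re-adding it inside the new `if app.session then` block; if that is not handled elsewhere it is a behaviour change the commit message does not mention. The `if`/`elseif` chain these hunks touch continues outside the visible lines.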