Allow user role to view history (#890)

2025-07-06 22:24:05 +00:00 · 2021-03-27 18:33:11 +00:00
parent 44c4531f02
commit 98db953820
12 changed files with 177 additions and 46 deletions
--- a/powerdnsadmin/decorators.py
+++ b/powerdnsadmin/decorators.py
@ -8,7 +8,6 @@ from .models import User, ApiKey, Setting, Domain, Setting
 from .lib.errors import RequestIsNotJSON, NotEnoughPrivileges
 from .lib.errors import DomainAccessForbidden

-
 def admin_role_required(f):
    """
    Grant access if user is in Administrator role
@ -35,6 +34,21 @@ def operator_role_required(f):
    return decorated_function


+def history_access_required(f):
+    """
+    Grant access if user is in Operator role or higher, or Users can view history
+    """
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if current_user.role.name not in [
+            'Administrator', 'Operator'
+        ] and not Setting().get('allow_user_view_history'):
+            abort(403)
+        return f(*args, **kwargs)
+
+    return decorated_function
+
+
 def can_access_domain(f):
    """
    Grant access if: