Adjustment to give user access to granted domain only

This commit is contained in:
Khanh Ngo 2018-03-31 07:32:46 +07:00
parent ce6c3c21f1
commit aa2b29dac3
2 changed files with 33 additions and 9 deletions

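--- a/app/decorators.py
+++ b/app/decorators.py
@@ -0,0 +1,28 @@
+from functools import wraps
+from flask import g, request, redirect, url_for
+from app import app
+from app.models import Role
+def admin_role_required(f):
+@wraps(f)
+def decorated_function(*args, **kwargs):
+if g.user.role.name != 'Administrator':
+return redirect(url_for('error', code=401))
+return f(*args, **kwargs)
+return decorated_function
+def can_access_domain(f):
+@wraps(f)
+def decorated_function(*args, **kwargs):
+if g.user.role.name != 'Administrator':
+domain_name = kwargs.get('domain_name')
+user_domain = [d.name for d in g.user.get_domain()]
+if domain_name not in user_domain:
+return redirect(url_for('error', code=401))
+return f(*args, **kwargs)
+return decorated_function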
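Review bot: `can_access_domain` dereferences `g.user.role.name` before anything has established that a user is logged in, so it is only safe when stacked beneath `@login_required`; if it ends up outermost on a route, an unauthenticated request would presumably raise an AttributeError (a 500) instead of being redirected to the login page. A docstring on the decorator should state that precondition, and also that a route with no `domain_name` keyword (such as the bare `/domain` route) is rejected for non-administrators because `kwargs.get('domain_name')` yields None, which is never in the user's domain list. `request` and `Role` are imported but unused and can be dropped. The authorization failure is reported as `code=401`, which denotes a missing or invalid credential, whereas 403 is the conventional status for a logged-in user who lacks rights; that matches the existing `admin_role_required` convention, so it is a consistency choice rather than a defect of this commit.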

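--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -19,6 +19,7 @@ from werkzeug.security import gen_salt
 from .models import User, Domain, Record, Server, History, Anonymous, Setting, DomainSetting
 from app import app, login_manager, github, google
 from app.lib import utils
+from app.decorators import admin_role_required, can_access_domain
 jinja2.filters.FILTERS['display_record_name'] = utils.display_record_name
@@ -123,15 +124,6 @@ def login_via_authorization_header(request):
 return None
 # END USER AUTHENTICATION HANDLER
-# START CUSTOMIZE DECORATOR
-def admin_role_required(f):
-@wraps(f)
-def decorated_function(*args, **kwargs):
-if g.user.role.name != 'Administrator':
-return redirect(url_for('error', code=401))
-return f(*args, **kwargs)
-return decorated_function
-# END CUSTOMIZE DECORATOR
 # START VIEWS
 @app.errorhandler(400)
@@ -405,6 +397,7 @@ def dashboard_domains():
 @app.route('/domain/<path:domain_name>', methods=['GET', 'POST'])
 @app.route('/domain', methods=['GET', 'POST'])
 @login_required
+@can_access_domain
 def domain(domain_name):
 r = Record()
 domain = Domain.query.filter(Domain.name == domain_name).first()
@@ -523,6 +516,7 @@ def domain_management(domain_name):
 @app.route('/domain/<path:domain_name>/apply', methods=['POST'], strict_slashes=False)
 @login_required
+@can_access_domain
 def record_apply(domain_name):
 """
 example jdata: {u'record_ttl': u'1800', u'record_type': u'CNAME', u'record_name': u'test4', u'record_status': u'Active', u'record_data': u'duykhanh.me'}
@@ -546,6 +540,7 @@ def record_apply(domain_name):
 @app.route('/domain/<path:domain_name>/update', methods=['POST'], strict_slashes=False)
 @login_required
+@can_access_domain
 def record_update(domain_name):
 """
 This route is used for domain work as Slave Zone only
@@ -582,6 +577,7 @@ def record_delete(domain_name, record_name, record_type):
 @app.route('/domain/<path:domain_name>/dnssec', methods=['GET'])
+@can_access_domain
 @login_required
 def domain_dnssec(domain_name):
 domain = Domain()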
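Review bot: On the `domain_dnssec` route the decorators are stacked in the opposite order from the other routes in this commit — `@can_access_domain` sits above `@login_required` — so the domain check runs before the login check; for an anonymous request `g.user` is presumably the `Anonymous` object imported above (or not set at all), and `g.user.role.name` would likely raise instead of redirecting to the login page. Swap the two lines so the login check is outermost, matching `domain`, `record_apply` and `record_update`: `@login_required` followed by `@can_access_domain`. The `record_delete` route named in the last hunk header also takes a `domain_name`, but whether it received the decorator is outside this view. Note that the decorator only consults the `domain_name` keyword, so any route that identifies a domain by a different parameter remains unchecked.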