Commit 93cdbe10 authored by Recteur LP's avatar Recteur LP

Update handlers.py: Authorize user to read plugin config

*Plugin should not store non-hashed password in this settings*
parent 9a86b7a6
Pipeline #1126 failed with stages
in 3 minutes and 55 seconds
......@@ -138,7 +138,7 @@ class render_plugin(render_class):
@expose
def index(self, **kwargs):
self.permissions()
self.permissions("admin")
try:
Core(self.main_config).get_menu()
core = Core(self.main_config).get_core_html(self.name)
......@@ -152,17 +152,17 @@ class settings_rest():
def __init__(self, config):
self.configuration = config
def permissions(self):
def permissions(self, type = "admin"):
user = User(self.configuration).get()
if not user['auth']:
raise cherrypy.HTTPError(401, 'Log in first.')
if not user['admin']:
if not user['admin'] and type == "admin":
raise cherrypy.HTTPError(401, 'You need Administrator permissions')
@expose
@cherrypy.tools.json_out()
def install(self, **kwargs):
self.permissions()
self.permissions("admin")
if kwargs['method'] == "upload":
log.debug('Installing plugin from file ...')
self.check_kwargs(['tar'], kwargs)
......@@ -194,7 +194,7 @@ class settings_rest():
@expose
@cherrypy.tools.json_out()
def config(self, plugin_name):
self.permissions()
self.permissions("user")
if plugin_name in self.configuration:
return {"status": 0, "config": self.configuration[plugin_name]}
else:
......@@ -206,7 +206,7 @@ class settings_rest():
@expose
@cherrypy.tools.json_out()
def reinstall(self, plugin_name):
self.permissions()
self.permissions("admin")
log.debug('Reinstalling plugin: ' + plugin_name)
try:
Plugins(self.configuration).reinstall(plugin_name)
......@@ -219,7 +219,7 @@ class settings_rest():
@expose
@cherrypy.tools.json_out()
def uninstall(self, plugin_name):
self.permissions()
self.permissions("admin")
log.debug('Uninstalling plugin: ' + plugin_name)
try:
Plugins(self.configuration).uninstall(plugin_name)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment