Check access rules (#1658)
parent
6740269cce
commit
f857f1a8a7
|
@ -5,6 +5,7 @@ package Lemonldap::NG::Portal::Main::Plugin;
|
||||||
use strict;
|
use strict;
|
||||||
use Mouse;
|
use Mouse;
|
||||||
use HTML::Template;
|
use HTML::Template;
|
||||||
|
use Data::Dumper;
|
||||||
|
|
||||||
our $VERSION = '2.1.0';
|
our $VERSION = '2.1.0';
|
||||||
|
|
||||||
|
@ -38,13 +39,13 @@ sub _addRoute {
|
||||||
return sub {
|
return sub {
|
||||||
shift;
|
shift;
|
||||||
return $sub->( $self, @_ );
|
return $sub->( $self, @_ );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
return sub {
|
return sub {
|
||||||
shift;
|
shift;
|
||||||
return $self->$sub(@_);
|
return $self->$sub(@_);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
$self->p->$type( $word, $subName, $methods, $transform );
|
$self->p->$type( $word, $subName, $methods, $transform );
|
||||||
|
@ -56,6 +57,21 @@ sub loadTemplate {
|
||||||
return $self->p->loadTemplate(@_);
|
return $self->p->loadTemplate(@_);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub accessCtrl {
|
||||||
|
my ( $self, $req, $uri ) = @_;
|
||||||
|
my $url = $self->conf->{portal} . $uri;
|
||||||
|
$self->logger->debug("Plugin call setSecurity for URL: $url");
|
||||||
|
|
||||||
|
# Check access rule
|
||||||
|
my ( $vhost, $appuri ) = $url =~ m#^https?://([^/]*)(.*)#;
|
||||||
|
$vhost =~ s/:\d+$//;
|
||||||
|
$appuri ||= '/';
|
||||||
|
$self->logger->debug(
|
||||||
|
"grant function call with VH: $vhost and URI: $appuri");
|
||||||
|
return $self->p->HANDLER->grant( $req, $req->{userData}, $appuri,
|
||||||
|
undef, $vhost );
|
||||||
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
__END__
|
__END__
|
||||||
|
|
||||||
|
|
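Review bot: In `accessCtrl`, the result of the `m#^https?://([^/]*)(.*)#` match is used without checking that it matched, so a `portal` value that is not an absolute http(s) URL leaves `$vhost` undefined and `grant` evaluates the rule against an undefined host. The URL is also built by plain concatenation, and the callers in this commit pass `'checkuser'` without a leading slash; if the configured portal URL has no trailing slash, the path is folded into the host name and the rule is checked for `/` on the wrong virtual host (whether the portal value always ends in `/` is not visible here). Since this is an authorization decision, I would fail closed with `return 0 unless defined $vhost;` right after the match and normalise the join between portal and path. Two smaller things: the debug message names `setSecurity` although the sub is `accessCtrl`, and the new `use Data::Dumper;` is not used in the lines shown.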
|
@ -848,8 +848,8 @@ sub sendCss {
|
||||||
}
|
}
|
||||||
|
|
||||||
sub lmError {
|
sub lmError {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req, $error ) = @_;
|
||||||
my $httpError = $req->param('code');
|
my $httpError = $req->param('code') || $error;
|
||||||
|
|
||||||
# Check URL
|
# Check URL
|
||||||
$self->controlUrl($req);
|
$self->controlUrl($req);
|
||||||
|
|
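Review bot: In `lmError`, `$req->param('code') || $error` gives the client-supplied `code` parameter precedence over the status the caller passes in, so the `lmError( $req, 403 )` calls added in this commit can be overridden by a request that carries its own `code` value. The internally chosen status should win: `my $httpError = $error || $req->param('code');`. How `$httpError` is used further down is outside the hunk, so the visible impact depends on that code. A one-line comment describing the new optional `$error` argument would also help callers.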
|
@ -44,6 +44,14 @@ sub check {
|
||||||
my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] );
|
my ( $attrs, $array_attrs, $array_hdrs ) = ( {}, [], [] );
|
||||||
my $msg = my $auth = '';
|
my $msg = my $auth = '';
|
||||||
|
|
||||||
|
# Check access rule
|
||||||
|
unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
|
||||||
|
$self->userLogger->error(
|
||||||
|
"$req->{user} not allowed to access /checkuser");
|
||||||
|
return $self->p->lmError( $req, 403 );
|
||||||
|
}
|
||||||
|
$self->userLogger->notice("$req->{user} is allowed to access /checkuser");
|
||||||
|
|
||||||
# Check token
|
# Check token
|
||||||
if ( $self->conf->{requireToken} ) {
|
if ( $self->conf->{requireToken} ) {
|
||||||
my $token = $req->param('token');
|
my $token = $req->param('token');
|
||||||
|
@ -148,6 +156,14 @@ sub check {
|
||||||
|
|
||||||
sub display {
|
sub display {
|
||||||
my ( $self, $req ) = @_;
|
my ( $self, $req ) = @_;
|
||||||
|
|
||||||
|
# Check access rule
|
||||||
|
unless ( $self->accessCtrl( $req, 'checkuser' ) ) {
|
||||||
|
$self->userLogger->error(
|
||||||
|
"$req->{user} not allowed to access /checkuser");
|
||||||
|
return $self->p->lmError( $req, 403 );
|
||||||
|
}
|
||||||
|
$self->userLogger->notice("$req->{user} is allowed to access /checkuser");
|
||||||
my $token = $self->ott->createToken( $req->sessionInfo );
|
my $token = $self->ott->createToken( $req->sessionInfo );
|
||||||
|
|
||||||
# Display form
|
# Display form
|
||||||
|
@ -193,11 +209,8 @@ sub _userDatas {
|
||||||
|
|
||||||
sub _authorization {
|
sub _authorization {
|
||||||
my ( $self, $req, $uri ) = @_;
|
my ( $self, $req, $uri ) = @_;
|
||||||
|
|
||||||
# Check rights
|
|
||||||
my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#;
|
my ( $vhost, $appuri ) = $uri =~ m#^https?://([^/]*)(.*)#;
|
||||||
$vhost =~ s/:\d+$//;
|
$vhost =~ s/:\d+$//;
|
||||||
$vhost = $self->p->HANDLER->resolveAlias($vhost);
|
|
||||||
$appuri ||= '/';
|
$appuri ||= '/';
|
||||||
return $self->p->HANDLER->grant( $req, $req->{sessionInfo}, $appuri,
|
return $self->p->HANDLER->grant( $req, $req->{sessionInfo}, $appuri,
|
||||||
undef, $vhost );
|
undef, $vhost );
|
||||||
|
|
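Review bot: `_authorization` no longer calls `resolveAlias` on `$vhost` before `grant`, so a URL submitted under a virtual-host alias is now evaluated under the alias name rather than the host the rules are defined for. Unless `grant` resolves aliases itself when a `$vhost` is passed (not visible here), the check-user result can differ from what the handler would decide for the same URL; I would keep `$vhost = $self->p->HANDLER->resolveAlias($vhost);` or say in a comment why it is no longer needed. Separately, the access-rule guard is copied verbatim into `check` and `display` with a hard-coded `'checkuser'`; a small private helper would keep the two from drifting, and the per-request `notice` on success may fit better at `debug` level. Both subs continue outside the hunks.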