Fixed partially anonymous authentication
This commit is contained in:
parent
58faf725b0
commit
e2512b12fb
@ -278,30 +278,21 @@ class Application(object):
|
|||||||
else:
|
else:
|
||||||
user = password = None
|
user = password = None
|
||||||
|
|
||||||
if not items or function == self.options or \
|
|
||||||
auth.is_authenticated(user, password) if user else True:
|
|
||||||
|
|
||||||
read_allowed_items, write_allowed_items = \
|
read_allowed_items, write_allowed_items = \
|
||||||
self.collect_allowed_items(items, user)
|
self.collect_allowed_items(items, user)
|
||||||
|
|
||||||
if read_allowed_items or write_allowed_items or \
|
if ((read_allowed_items or write_allowed_items)
|
||||||
|
and auth.is_authenticated(user, password)) or \
|
||||||
function == self.options or not items:
|
function == self.options or not items:
|
||||||
# Collections found, or OPTIONS request, or no items at all
|
# Collections found, or OPTIONS request, or no items at all
|
||||||
status, headers, answer = function(
|
status, headers, answer = function(
|
||||||
environ, read_allowed_items, write_allowed_items, content,
|
environ, read_allowed_items, write_allowed_items, content,
|
||||||
user)
|
user)
|
||||||
elif not user:
|
|
||||||
# Unknown or unauthorized user
|
|
||||||
log.LOGGER.info("%s refused" % (user or "Anonymous user"))
|
|
||||||
status = client.UNAUTHORIZED
|
|
||||||
headers = {
|
|
||||||
"WWW-Authenticate":
|
|
||||||
"Basic realm=\"%s\"" % config.get("server", "realm")}
|
|
||||||
answer = None
|
|
||||||
else:
|
else:
|
||||||
# Good user but has no rights to any of the given collections
|
|
||||||
status, headers, answer = NOT_ALLOWED
|
status, headers, answer = NOT_ALLOWED
|
||||||
else:
|
|
||||||
|
if (status, headers, answer) == NOT_ALLOWED and \
|
||||||
|
not auth.is_authenticated(user, password):
|
||||||
# Unknown or unauthorized user
|
# Unknown or unauthorized user
|
||||||
log.LOGGER.info("%s refused" % (user or "Anonymous user"))
|
log.LOGGER.info("%s refused" % (user or "Anonymous user"))
|
||||||
status = client.UNAUTHORIZED
|
status = client.UNAUTHORIZED
|
||||||
|
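Review bot: `auth.is_authenticated(user, password)` is evaluated twice on the new side, once inside the combined condition at `if ((read_allowed_items or write_allowed_items) and auth.is_authenticated(user, password))` and again in the follow-up `if (status, headers, answer) == NOT_ALLOWED and not auth.is_authenticated(user, password):`, so every refused request costs two backend round trips and the two results can disagree if the backend is not deterministic (a transient failure between the calls would turn a 401 into a 403, or vice versa). Evaluate it once before the condition, `authenticated = auth.is_authenticated(user, password)`, then use `and authenticated` in the first test and `and not authenticated` in the second. Note also that the old short-circuit `... if user else True` is gone, so the backend is now called with `user = password = None` for anonymous requests; presumably every configured auth backend tolerates `None` there, but that should be confirmed. The enclosing method continues past the end of the hunk.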
@ -91,9 +91,10 @@ def _read_from_sections(user, collection, permission):
|
|||||||
|
|
||||||
|
|
||||||
def authorized(user, collection, right):
|
def authorized(user, collection, right):
|
||||||
"""Check if the user is allowed to read or write the collection."""
|
"""Check if the user is allowed to read or write the collection.
|
||||||
|
|
||||||
|
If the user is empty it checks for anonymous rights
|
||||||
|
"""
|
||||||
rights_type = config.get("rights", "type").lower()
|
rights_type = config.get("rights", "type").lower()
|
||||||
return rights_type == "none" or (
|
return rights_type == "none" or (_read_from_sections(
|
||||||
(True if not user else user) and _read_from_sections(
|
user or "", collection.url.rstrip("/") or "/", right))
|
||||||
user if user else "", collection.url.rstrip("/") or "/", right)
|
|
||||||
)
|
|
||||||
|
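Review bot: The new docstring sentence `If the user is empty it checks for anonymous rights` has no terminating period and is followed by a stray blank line before the closing quotes; on the return line the parentheses wrapped around the `_read_from_sections(...)` call are also redundant now that the `(True if not user else user) and` clause is gone. I would close the docstring with `If the user is empty, the anonymous rights (the "" user) are checked.` and write the return as `return rights_type == "none" or _read_from_sections(` / `    user or "", collection.url.rstrip("/") or "/", right)`. The `rights_type == "none"` short-circuit still grants every request regardless of user, which is unchanged by this commit but worth keeping in mind when reading the new anonymous path.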