new permission system

author: RaNaN <Mast3rRaNaN@hotmail.de> 2011-02-19 23:22:14 +0100
committer: RaNaN <Mast3rRaNaN@hotmail.de> 2011-02-19 23:22:14 +0100
commit: e1927e427125a93a8f6ea369b760f7f21f879fcc (patch)
tree: 5a6ae69172fef51da1f6e4df2c7b869977f7b17d /module/web/utils.py
parent: encoding fixes (diff)
download: pyload-e1927e427125a93a8f6ea369b760f7f21f879fcc.tar.xz
1 files changed, 7 insertions, 2 deletions
diff --git a/module/web/utils.py b/module/web/utils.py
index 8674fea1c..c76454c1f 100644
--- a/module/web/utils.py
+++ b/module/web/utils.py
@@ -65,8 +65,13 @@ def login_required(perm=None):
             s = request.environ.get('beaker.session')
             if s.get("name", None) and s.get("authenticated", False):
                 if perm:
-                    pass
-                    #print perm
+                    perms = parse_permissions(s)
+                    if not perms.has_key(perm) or not perms[perm]:
+                        if request.header.get('X-Requested-With') == 'XMLHttpRequest':
+                            return HTTPError(403, "Forbidden")
+                        else:
+                            return redirect("/nopermission")
+
                 return func(*args, **kwargs)
             else:
                 if request.header.get('X-Requested-With') == 'XMLHttpRequest':
author	RaNaN <Mast3rRaNaN@hotmail.de>	2011-02-19 23:22:14 +0100
committer	RaNaN <Mast3rRaNaN@hotmail.de>	2011-02-19 23:22:14 +0100
commit	e1927e427125a93a8f6ea369b760f7f21f879fcc (patch)
tree	5a6ae69172fef51da1f6e4df2c7b869977f7b17d /module/web/utils.py
parent	encoding fixes (diff)
download	pyload-e1927e427125a93a8f6ea369b760f7f21f879fcc.tar.xz