author | RaNaN <Mast3rRaNaN@hotmail.de> | 2011-02-19 23:22:14 +0100 |
---|---|---|
committer | RaNaN <Mast3rRaNaN@hotmail.de> | 2011-02-19 23:22:14 +0100 |
commit | e1927e427125a93a8f6ea369b760f7f21f879fcc (patch) | |
tree | 5a6ae69172fef51da1f6e4df2c7b869977f7b17d /module/web | |
parent | encoding fixes (diff) | |
download | pyload-e1927e427125a93a8f6ea369b760f7f21f879fcc.tar.xz |
new permission system
Diffstat (limited to 'module/web')
-rw-r--r-- | module/web/json_app.py | 44 | ||||
-rw-r--r-- | module/web/pyload_app.py | 21 | ||||
-rw-r--r-- | module/web/utils.py | 9 |
3 files changed, 42 insertions, 32 deletions
diff --git a/module/web/json_app.py b/module/web/json_app.py index 8eb2dbbfe..a654b8ce8 100644 --- a/module/web/json_app.py +++ b/module/web/json_app.py @@ -26,7 +26,7 @@ def get_sort_key(item): @route("/json/status") @route("/json/status", method="POST") -@login_required('can_see_dl') +@login_required('see_downloads') def status(): try: status = PYLOAD.status_server() @@ -38,7 +38,7 @@ def status(): @route("/json/links") @route("/json/links", method="POST") -@login_required('can_see_dl') +@login_required('see_downloads') def links(): try: links = PYLOAD.status_downloads() @@ -62,7 +62,7 @@ def links(): return HTTPError() @route("/json/queue") -@login_required('can_see_dl') +@login_required('see_downloads') def queue(): try: return PYLOAD.get_queue() @@ -72,7 +72,7 @@ def queue(): @route("/json/pause") -@login_required('can_change_satus') +@login_required('status') def pause(): try: return PYLOAD.pause_server() @@ -82,7 +82,7 @@ def pause(): @route("/json/unpause") -@login_required('can_change_status') +@login_required('status') def unpause(): try: return PYLOAD.unpause_server() @@ -92,7 +92,7 @@ def unpause(): @route("/json/cancel") -@login_required('can_change_status') +@login_required('status') def cancel(): try: return PYLOAD.stop_downloads() @@ -100,7 +100,7 @@ def cancel(): return HTTPError() @route("/json/packages") -@login_required('can_see_dl') +@login_required('see_downloads') def packages(): try: data = PYLOAD.get_queue() @@ -117,7 +117,7 @@ def packages(): @route("/json/package/:id") @validate(id=int) -@login_required('pyload.can_see_dl') +@login_required('see_downloads') def package(id): try: data = PYLOAD.get_package_data(id) @@ -147,7 +147,7 @@ def package(id): return HTTPError() @route("/json/package_order/:ids") -@login_required('can_add') +@login_required('add') def package_order(ids): try: pid, pos = ids.split("|") 
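Review bot: The state-changing routes are still registered for GET only, so the renamed permission check is the sole gate on them: `@route("/json/pause")`, `/json/unpause` and `/json/cancel` here, and the remove, restart, abort and delete routes in the later json_app.py hunks. `login_required` decides on the session the browser already holds; if the beaker session is cookie-backed (its setup is not visible in this diff), a request triggered from another site would pass the check with the user's rights. Consider `@route("/json/pause", method="POST")` for these routes plus a per-session token checked in the decorator, changed together with the front-end callers. The function bodies continue outside the hunks.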
@@ -158,7 +158,7 @@ def package_order(ids): @route("/json/link/:id") @validate(id=int) -@login_required('can_see_dl') +@login_required('see_downloads') def link(id): try: data = PYLOAD.get_file_info(id) @@ -168,7 +168,7 @@ def link(id): @route("/json/remove_link/:id") @validate(id=int) -@login_required('can_delete') +@login_required('delete') def remove_link(id): try: PYLOAD.del_links([id]) @@ -178,7 +178,7 @@ def remove_link(id): @route("/json/restart_link/:id") @validate(id=int) -@login_required('can_add') +@login_required('add') def restart_link(id): try: PYLOAD.restart_file(id) @@ -188,7 +188,7 @@ def restart_link(id): @route("/json/abort_link/:id") @validate(id=int) -@login_required('can_delete') +@login_required('delete') def abort_link(id): try: PYLOAD.stop_download("link", id) @@ -197,7 +197,7 @@ def abort_link(id): return HTTPError() @route("/json/link_order/:ids") -@login_required('can_add') +@login_required('add') def link_order(ids): try: pid, pos = ids.split("|") @@ -208,7 +208,7 @@ def link_order(ids): @route("/json/add_package") @route("/json/add_package", method="POST") -@login_required('can_add') +@login_required('add') def add_package(): name = request.forms.get("add_name", "New Package") queue = int(request.forms['add_dest']) @@ -246,7 +246,7 @@ def add_package(): @route("/json/remove_package/:id") @validate(id=int) -@login_required('can_delete') +@login_required('delete') def remove_package(id): try: PYLOAD.del_packages([id]) @@ -256,7 +256,7 @@ def remove_package(id): @route("/json/restart_package/:id") @validate(id=int) -@login_required('can_add') +@login_required('add') def restart_package(id): try: PYLOAD.restart_package(id) @@ -267,7 +267,7 @@ def restart_package(id): @route("/json/move_package/:dest/:id") @validate(dest=int, id=int) -@login_required('can_add') +@login_required('add') def move_package(dest, id): try: PYLOAD.move_package(dest, id) 
@@ -276,7 +276,7 @@ def move_package(dest, id): return HTTPError() @route("/json/edit_package", method="POST") -@login_required('can_add') +@login_required('add') def edit_package(): try: id = int(request.forms.get("pack_id")) @@ -293,7 +293,7 @@ def edit_package(): @route("/json/set_captcha") @route("/json/set_captcha", method="POST") -@login_required('can_add') +@login_required('add') def set_captcha(): if request.environ.get('REQUEST_METHOD', "GET") == "POST": try: @@ -313,11 +313,11 @@ def set_captcha(): @route("/json/delete_finished") -@login_required('pyload.can_delete') +@login_required('delete') def delete_finished(): return {"del": PYLOAD.delete_finished()} @route("/json/restart_failed") -@login_required('pyload.can_delete') +@login_required('delete') def restart_failed(): return PYLOAD.restart_failed()
\ No newline at end of file diff --git a/module/web/pyload_app.py b/module/web/pyload_app.py index 643e1e75c..3869fd4cf 100644 --- a/module/web/pyload_app.py +++ b/module/web/pyload_app.py @@ -94,6 +94,10 @@ def login(): else: return render_to_response("login.html", proc=[pre_processor]) +@route('/nopermission') +def nopermission(): + return base([_("You dont have permission to access this page.")]) + @route("/login", method="POST") def login_post(): user = request.forms.get("username") @@ -124,7 +128,7 @@ def logout(): @route("/") @route("/home") -@login_required("can_see_dl") +@login_required("see_downloads") def home(): try: res = PYLOAD.status_downloads() @@ -141,7 +145,7 @@ def home(): @route("/queue") -@login_required("can_see_dl") +@login_required("see_downloads") def queue(): queue = PYLOAD.get_queue_info() @@ -151,7 +155,7 @@ def queue(): return render_to_response('queue.html', {'content': data}, [pre_processor]) @route("/collector") -@login_required('can_see_dl') +@login_required('see_downloads') def collector(): queue = PYLOAD.get_collector_info() @@ -161,7 +165,7 @@ def collector(): return render_to_response('collector.html', {'content': data}, [pre_processor]) @route("/downloads") -@login_required('can_download') +@login_required('download') def downloads(): root = PYLOAD.get_conf_val("general", "download_folder") @@ -193,7 +197,7 @@ def downloads(): return render_to_response('downloads.html', {'files': data}, [pre_processor]) @route("/downloads/get/:path#.+#") -@login_required("can_download") +@login_required("download") def get_download(path): path = unquote(path) #@TODO some files can not be downloaded @@ -210,7 +214,7 @@ def get_download(path): @route("/settings") @route("/settings", method="POST") -@login_required('can_change_status') +@login_required('settings') def config(): conf = PYLOAD.get_config() plugin = PYLOAD.get_plugin_config() 
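Review bot: In the `get_download` hunk the route pattern `:path#.+#` accepts any characters, including path separators, and the value is decoded again with `path = unquote(path)` before use. The rest of the body is outside the hunk, so it is not visible whether the resolved path is confined to the configured `download_folder`. If it is not, the `download` permission would cover more of the filesystem than intended. A check on the normalised, fully decoded path (compare its real path against the real path of the download folder and return `HTTPError(404)` otherwise) belongs right after the `unquote` call.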
@@ -325,7 +329,7 @@ def package_ui(): @route("/pathchooser") @route("/filechooser/:file#.+#") @route("/pathchooser/:path#.+#") -@login_required('can_change_status') +@login_required('status') def path(file="", path=""): if file: type = "file" @@ -416,7 +420,7 @@ def path(file="", path=""): @route("/logs", method="POST") @route("/logs/:item") @route("/logs/:item", method="POST") -@login_required('can_see_logs') +@login_required('status') def logs(item=-1): s = request.environ.get('beaker.session') @@ -499,6 +503,7 @@ def logs(item=-1): [pre_processor]) @route("/admin") +@login_required("settings") def admin(): return base(["Comming Soon."]) diff --git a/module/web/utils.py b/module/web/utils.py index 8674fea1c..c76454c1f 100644 --- a/module/web/utils.py +++ b/module/web/utils.py @@ -65,8 +65,13 @@ def login_required(perm=None): s = request.environ.get('beaker.session') if s.get("name", None) and s.get("authenticated", False): if perm: - pass - #print perm + perms = parse_permissions(s) + if not perms.has_key(perm) or not perms[perm]: + if request.header.get('X-Requested-With') == 'XMLHttpRequest': + return HTTPError(403, "Forbidden") + else: + return redirect("/nopermission") + return func(*args, **kwargs) else: if request.header.get('X-Requested-With') == 'XMLHttpRequest': |
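Review bot: The `/pathchooser` and `/filechooser` routes are gated with `@login_required('status')`, the same permission the JSON API uses for pause, unpause and cancel, and the `/logs` hunk replaces the dedicated `'can_see_logs'` with `'status'` as well. A user who is only meant to pause and resume downloads would therefore also be able to read the logs and, if `path()` lists server directories as its name suggests (its body is outside the hunk), browse the filesystem. Since `/settings` now requires `'settings'`, `@login_required('settings')` looks like the closer fit for the path chooser. A separate log-viewing permission would keep the old separation, provided `parse_permissions` can express one (it is not shown in this diff).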
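Review bot: In the utils.py hunk, permission names reach the new check as free-form strings and an unknown name is simply denied, so a misspelled decorator argument (such as the `'can_change_satus'` this commit removes) locks a route for everyone without any error. Failing closed is the right default, but validating `perm` once when the decorator is applied would surface typos at import time, for example by raising `ValueError` if it is not in a set of valid names (placeholder `VALID_PERMS`). The lookup itself can be shortened to `if not perms.get(perm):`. For non-XHR requests the denial is a redirect to `/nopermission`, which renders a normal page, so nothing records the refusal; a log line with the user name and the missing permission before the redirect would make denied attempts visible. `parse_permissions` and the start and end of `login_required` are outside the hunk.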