From e1927e427125a93a8f6ea369b760f7f21f879fcc Mon Sep 17 00:00:00 2001
From: RaNaN <Mast3rRaNaN@hotmail.de>
Date: Sat, 19 Feb 2011 23:22:14 +0100
Subject: new permission system

---
 module/web/utils.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'module/web/utils.py')

diff --git a/module/web/utils.py b/module/web/utils.py
index 8674fea1c..c76454c1f 100644
--- a/module/web/utils.py
+++ b/module/web/utils.py
@@ -65,8 +65,13 @@ def login_required(perm=None):
             s = request.environ.get('beaker.session')
             if s.get("name", None) and s.get("authenticated", False):
                 if perm:
-                    pass
-                    #print perm
+                    perms = parse_permissions(s)
+                    if not perms.has_key(perm) or not perms[perm]:
+                        if request.header.get('X-Requested-With') == 'XMLHttpRequest':
+                            return HTTPError(403, "Forbidden")
+                        else:
+                            return redirect("/nopermission")
+
                 return func(*args, **kwargs)
             else:
                 if request.header.get('X-Requested-With') == 'XMLHttpRequest':
-- 
cgit v1.2.3