access.lua: rework the ACL check again, because the previous code sometimes ended up with error 500 when permission = nil

This commit is contained in:
Alexandre Aubin 2023-09-29 14:30:14 +02:00
parent 12466db0d7
commit 99749decdc


@ -215,47 +215,34 @@ function element_is_in_table(element, table)
return false return false
end end
-- Check whether the app is public access -- No permission object found = no access
function check_public_access(permission) if permission == nil then
if permission == nil then logger:debug("No permission matching request for "..ngx.var.uri.." ... Assuming access is denied")
logger:debug("No permission matching request for "..ngx.var.uri.." ... Assuming access is denied") has_access = false
return false -- permission is public = everybody has access, no need to check auth
end elseif permission["public"] then
logger:debug("Someone tries to access "..ngx.var.uri.." (corresponding perm: "..permission["id"]..")")
if permission["public"] then has_access = true
logger:debug("Someone tries to access "..ngx.var.uri.." (corresponding perm: "..permission["id"]..")") -- Check auth header, assume the route is protected
return true
end
end
-- Check whether a user is allowed to access a URL using the `permissions` directive
-- of the configuration file
function check_has_access(permission)
-- Public access
if authUser == nil or permission["public"] then
user = authUser or "A visitor"
logger:debug(user.." tries to access "..ngx.var.uri.." (corresponding perm: "..permission["id"]..")")
return permission["public"]
end
logger:debug("User "..authUser.." tries to access "..ngx.var.uri.." (corresponding perm: "..permission["id"]..")")
-- The user has permission to access the content if he is in the list of allowed users
if element_is_in_table(authUser, permission["users"]) then
logger:debug("User "..authUser.." can access "..ngx.var.host..ngx.var.uri..uri_args_string())
return true
else
logger:debug("User "..authUser.." cannot access "..ngx.var.uri)
return false
end
end
if check_public_access(permission) then
has_access = true
else else
is_logged_in, authUser, authPasswordEnc = check_authentication() is_logged_in, authUser, authPasswordEnc = check_authentication()
has_access = check_has_access(permission)
-- Unauthenticated user, deny access
if authUser == nil then
logger:debug("Denied unauthenticated access to "..ngx.var.uri.." (corresponding perm: "..permission["id"]..")")
has_access = false
else
logger:debug("User "..authUser.." tries to access "..ngx.var.uri.." (corresponding perm: "..permission["id"]..")")
-- The user has permission to access the content if s.he is in the list of allowed users
if element_is_in_table(authUser, permission["users"]) then
logger:debug("User "..authUser.." can access "..ngx.var.host..ngx.var.uri..uri_args_string())
has_access = true
else
logger:debug("User "..authUser.." cannot access "..ngx.var.uri)
has_access = false
end
end
end end
-- ########################################################################### -- ###########################################################################
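Review bot: The protected branch decides on `authUser == nil` alone, while the `is_logged_in` value returned by `check_authentication()` on the same line is assigned and never consulted; if that function can ever yield a username together with `is_logged_in == false` (something this hunk does not show, so it needs confirming against its definition), the users-list check would grant access to a request that did not actually authenticate. The guard should key on both, `if not is_logged_in or authUser == nil then`, so the allow path is only reachable after a successful authentication. The three debug messages still concatenate `permission["id"]` directly, so a permission entry without an id reproduces the "attempt to concatenate a nil value" 500 this commit sets out to remove; `tostring(permission["id"])` in those messages closes that hole. `has_access`, `is_logged_in` and `authUser` are assigned without `local`, which is presumably the file's existing convention for state shared with later phases, but it is worth a comment such as `-- has_access is read by the code below; keep it global` so the next reader does not localize it. The hunk's trailing context may continue past what is shown here.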