From c019f9d208c286b637908bfbfcf283c16a13e3a2 Mon Sep 17 00:00:00 2001
From: Laurent Peuch <cortex@worlddomination.be>
Date: Fri, 12 May 2017 15:42:29 +0200
Subject: [PATCH] [fix] check users ACL on http basic auth

---
 access.lua | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/access.lua b/access.lua
index ece6113..3964af0 100644
--- a/access.lua
+++ b/access.lua
@@ -373,6 +373,12 @@ if auth_header then
     user = hlp.authenticate(user, password)
     if user then
         hlp.set_headers(user)
+
+        -- If user has no access to this URL, redirect him to the portal
+        if not hlp.has_access(user) then
+            return hlp.redirect(conf.portal_url)
+        end
+
         return hlp.pass()
     end
 end