[fix] check users ACL on http basic auth

This commit is contained in:
Laurent Peuch 2017-05-12 15:42:29 +02:00 committed by opi
parent 442147bbbe
commit c019f9d208

View file

@ -373,6 +373,12 @@ if auth_header then
user = hlp.authenticate(user, password) user = hlp.authenticate(user, password)
if user then if user then
hlp.set_headers(user) hlp.set_headers(user)
-- If user has no access to this URL, redirect him to the portal
if not hlp.has_access(user) then
return hlp.redirect(conf.portal_url)
end
return hlp.pass() return hlp.pass()
end end
end end