oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add separate function to check if user has run the API command

Browse source
This commit is contained in:
shortcutme 2017-02-11 18:20:46 +01:00
parent 893e37cd74
commit f523925817
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/Ui/UiWebsocket.py
View file

@ -109,6 +109,16 @@ class UiWebsocket(object):
self.log.error("WebSocket handleRequest error: %s" % Debug.formatException(err))
self.cmd("error", "Internal error: %s" % Debug.formatException(err, "html"))
# Has permission to run the command
def hasCmdPermission(self, cmd):
cmd = cmd[0].lower() + cmd[1:]
if cmd in self.admin_commands and "ADMIN" not in self.permissions:
return False
else:
return True
# Has permission to access a site
def hasSitePermission(self, address):
if address != self.site.address and "ADMIN" not in self.site.settings["permissions"]:
return False
@ -182,7 +192,7 @@ class UiWebsocket(object):
if cmd == "response": # It's a response to a command
return self.actionResponse(req["to"], req["result"])
elif cmd in self.admin_commands and "ADMIN" not in self.permissions: # Admin commands
elif not self.hasCmdPermission(cmd): # Admin commands
return self.response(req["id"], {"error": "You don't have permission to run %s" % cmd})
else: # Normal command
func_name = "action" + cmd[0].upper() + cmd[1:]