iou1name/Buckler
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: iou1name:fc434f0d62420bc403013e0c5dbddb7273d333e3
Branches Tags
iou1name:master
..
compare: iou1name:d5aa1bd4deabf635a0259fec4675bf44b3b341fe
Branches Tags
iou1name:master

2 Commits
fc434f0d62 ... d5aa1bd4de

Author SHA1 Message Date
iou1name
d5aa1bd4de prevent non-admins from accessing critical functions 2020-11-21 13:23:15 -05:00
iou1name
bdaf3730c4 bugfix non-admin errors 2020-11-20 21:13:35 -05:00
3 changed files with 8 additions and 3 deletions
Show Stats Expand all files Collapse all files

5
forms.py
View File

@ -13,7 +13,6 @@ async def invite_user(request):
"""Allows an admin to invite a new user."""
if not request['session']['admin']:
return {'main': "You do not have permission to do that."}
data = await request.post()
email = data.get('email')
@ -27,6 +26,8 @@ async def invite_user(request):
async def change_user_perms(request):
"""Allows an admin to change user permissions."""
if not request['session']['admin']:
return {'main': "You do not have permission to do that."}
data = await request.post()
data = json.loads(data['perms'])
@ -52,6 +53,8 @@ async def change_user_perms(request):
async def new_app(request):
"""Allows an admin to add a new app to be managed by Buckler."""
if not request['session']['admin']:
return {'main': "You do not have permission to do that."}
data = await request.post()
app_name = data.get('app_name')
app_url = data.get('app_url')

2
static/buckler.js
View File

@ -15,8 +15,10 @@ function load() {
}
});
});
if (user_perms) {
document.querySelector('#user_perm_form').addEventListener('submit', submit_user_perms);
}
}
function submit_user_perms(event) {
event.preventDefault();

2
templates/index.html
View File

@ -4,7 +4,7 @@
<title>Buckler</title>
<link rel="stylesheet" type="text/css" href="/static/buckler.css">
<script>
var user_perms = {{ user_perms_json|safe }};
var user_perms = {% if request['session']['admin'] %}{{ user_perms_json|safe }}{% else %}null{% endif %};
</script>
<script type="text/javascript" src="/static/buckler.js"></script>
<script>window.onload = load;</script>