CIRCL
/
AIL-framework
mirror of https://github.com/CIRCL/AIL-framework
2
1
Fork 0
Code Issues Releases Wiki Activity

fix: [API ACL] avoid user_no_api users to access the API

pull/559/head
Terrtia 2021-02-23 15:28:15 +01:00
parent 1c991aa792
commit e6a2655d31
No known key found for this signature in database
GPG Key ID: 1E1B1F50D84613D0
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
var/www/modules/restApi/Flask_restApi.py
View File

@ -68,6 +68,10 @@ def get_user_from_token(token):
return r_serv_db.hget('user:tokens', token)
def verify_user_role(role, token):
# User without API
if role == 'user_no_api':
return False
user_id = get_user_from_token(token)
if user_id:
if is_in_role(user_id, role):