chg: [auth] Check if can access the dashboard

authImprovements
mokaddem 2019-10-11 08:57:55 +02:00
parent 2ecc4a8fad
commit eaf3ad30d1
2 changed files with 9 additions and 2 deletions


@ -109,6 +109,7 @@ class User(UserMixin):
}
misp_login_page = auth_host + "/users/login"
misp_user_me_page = auth_host + "/users/view/me.json"
session = requests.Session()
session.verify = auth_ssl_verify
@ -132,7 +133,13 @@ class User(UserMixin):
redirect_location = post_to_login_page.headers.get('Location', '')
# Authentication is successful if MISP returns a redirect to '/users/routeafterlogin'.
if '/users/routeafterlogin' in redirect_location:
return True
# Logged in, check if logged in user can access the dashboard
me_json = session.get(misp_user_me_page).json()
dashboard_access = me_json.get('UserSetting', {}).get('dashboard_access', False)
if dashboard_access is not False:
return dashboard_access is True or dashboard_access == 1
else:
return False
return None
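Review bot: The new `session.get(misp_user_me_page).json()` call in the second hunk has no error handling, so a connection error or a non-JSON body raises out of the login path instead of producing a clean denial. The chained `me_json.get('UserSetting', {}).get('dashboard_access', False)` also assumes `UserSetting` is a dict; if MISP serialises an empty settings collection as a list (not visible here, worth confirming), it raises `AttributeError`. Because this is the authorization gate for the dashboard, it should fail closed: check the status, catch `requests.RequestException` and `ValueError`, validate the shape, and return `False` otherwise. The `is not False` / `else` branches then collapse into one comparison, since `True == 1` in Python. The enclosing method starts before the hunk and its caller is not shown.

```python
# … unchanged: POST to the login page and redirect_location check …
if '/users/routeafterlogin' in redirect_location:
    # Logged in, check if logged in user can access the dashboard.
    # Any failure to fetch or parse the profile denies access (fail closed).
    try:
        me_response = session.get(misp_user_me_page)
        me_response.raise_for_status()
        me_json = me_response.json()
    except (requests.RequestException, ValueError):
        return False
    user_setting = me_json.get('UserSetting') if isinstance(me_json, dict) else None
    if not isinstance(user_setting, dict):
        return False
    return user_setting.get('dashboard_access', False) == 1
```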


@ -36,7 +36,7 @@
</div>
{% if authError %}
<div class="alert alert-danger">
Username and Password does not match when connecting to MISP
Username and Password does not match when connecting to MISP or incorrect MISP permission
</div>
{% endif %}