paramecio/parameciofm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixes in permissions

Browse source
This commit is contained in:
Antonio de la Rosa 2025-03-19 00:35:23 +01:00
parent 7c9ce508d5
commit af84f4acb7
4 changed files with 30 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

22
paramecio/modules/admin2/app.py
View file

@ -181,13 +181,25 @@ def check_login_admin(session={}):
sendmail.send(config.portal_email, [result['email']], i18n.tlang('Code for complete login'), i18n.tlang('We send to you a code for activate your account using double authentication:')+"\n"+token_auth, content_type='plain', attachments=[]) sendmail.send(config.portal_email, [result['email']], i18n.tlang('Code for complete login'), i18n.tlang('We send to you a code for activate your account using double authentication:')+"\n"+token_auth, content_type='plain', attachments=[])
modules_priv=[]
if result['privileges']==0: if result['privileges']==0:
with db.query('select * from privilegesmodule2 WHERE user_id=%s', [result['id']]) as cursor: with db.query('select module from privilegesmodule2 WHERE user_id=%s', [result['id']]) as cursor:
modules_priv=list(cursor.fetchall()) modules_priv=[v['module'] for v in cursor.fetchall()]
for v in modules_admin:
if v[0] in modules_priv:
if len(v)>2:
modules_priv+=v[2]
#print(modules_priv)
else: else:
modules_priv=[v[0] for v in modules_admin] #modules_priv=[v[0] for v in modules_admin]
modules_priv=[]
for v in modules_admin:
modules_priv.append(v[0])
if len(v)==3:
modules_priv+=v[2]
modules_priv.append('admin_app.home_admin')
db.query('update useradmin2 set token_login=%s, last_login=%s, token_auth=%s WHERE id=%s', [remember_key, date_now, usermodel.fields['password'].check(token_auth), result['id']]) db.query('update useradmin2 set token_login=%s, last_login=%s, token_auth=%s WHERE id=%s', [remember_key, date_now, usermodel.fields['password'].check(token_auth), result['id']])

4
paramecio/modules/admin2/ausers.py
View file

@ -32,7 +32,7 @@ if t.env.directories[1]!=tpl_path:
""" """
#modules_admin.append(['menu_users', 'people-circle', True]) #modules_admin.append(['menu_users', 'people-circle', True])
modules_admin.append(['admin_app.admin_users', 'people-circle']) modules_admin.append(['admin_app.admin_users', 'people-circle', ['admin_app.admin_permissions']])
modules_admin_icons.append('<symbol id="people-circle" viewBox="0 0 16 16"><path d="M11 6a3 3 0 1 1-6 0 3 3 0 0 1 6 0z"/><path fill-rule="evenodd" d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8zm8-7a7 7 0 0 0-5.468 11.37C3.242 11.226 4.805 10 8 10s4.757 1.225 5.468 2.37A7 7 0 0 0 8 1z"/></symbol>') modules_admin_icons.append('<symbol id="people-circle" viewBox="0 0 16 16"><path d="M11 6a3 3 0 1 1-6 0 3 3 0 0 1 6 0z"/><path fill-rule="evenodd" d="M0 8a8 8 0 1 1 16 0A8 8 0 0 1 0 8zm8-7a7 7 0 0 0-5.468 11.37C3.242 11.226 4.805 10 8 10s4.757 1.225 5.468 2.37A7 7 0 0 0 8 1z"/></symbol>')
@ -82,7 +82,7 @@ def admin_users(session={}):
@admin_app.get('/ausers/permissions/<user_id:int>', name="admin_app.admin_permissions") @admin_app.get('/ausers/permissions/<user_id:int>', name="admin_app.admin_permissions")
@admin_app.post('/ausers/permissions/<user_id:int>', name="admin_app.admin_permissions") @admin_app.post('/ausers/permissions/<user_id:int>', name="admin_app.admin_permissions")
def admin_users(user_id, session={}): def admin_permissions(user_id, session={}):
db=WebModel.connection() db=WebModel.connection()

11
paramecio/modules/admin2/libraries/loginplugin.py
View file

@ -1,4 +1,4 @@
from bottle import request, response, redirect from bottle import request, response, redirect, abort
#from settings import config #from settings import config
import inspect import inspect
from paramecio.wsgiapp import app from paramecio.wsgiapp import app
@ -10,9 +10,14 @@ def check_login(callback):
if request.environ['session'].get('login_admin', False) and not request.environ['session'].get('verify_auth', False): if request.environ['session'].get('login_admin', False) and not request.environ['session'].get('verify_auth', False):
result = callback(*args, **kwargs) #print(request.environ.get('session'))
#print(request['bottle.route'].name)
if request['bottle.route'].name in request.environ['session'].get('modules', []):
result = callback(*args, **kwargs)
return result return result
else:
abort(403)
if request.environ['session'].get('verify_auth', False): if request.environ['session'].get('verify_auth', False):
redirect(app.get_url('admin_app.need_auth')) redirect(app.get_url('admin_app.need_auth'))

4
paramecio/modules/admin2/templates/layout.phtml
View file

@ -67,7 +67,8 @@ if session.get('theme', '0')==True:
<li class="menu_title"><%block name="applications"><i class="fa fa-gear" aria-hidden="true"></i>${tlang('Applications')}</li></%block> <li class="menu_title"><%block name="applications"><i class="fa fa-gear" aria-hidden="true"></i>${tlang('Applications')}</li></%block>
% for module in modules_admin: % for module in modules_admin:
<li> <li>
% if len(module)>2: % if module[0] in session['modules']:
% if len(module)>2 and type(module[2]).__name__=='str':
<div class="father_admin"> <div class="father_admin">
<svg class="bi me-2" width="16" height="16"><use xlink:href="#${module[1]}"></use></svg> <svg class="bi me-2" width="16" height="16"><use xlink:href="#${module[1]}"></use></svg>
${i18n.clang('admin2', module[0], module[0])} ${i18n.clang('admin2', module[0], module[0])}
@ -78,6 +79,7 @@ if session.get('theme', '0')==True:
${i18n.clang('admin2', module[0], module[0])} ${i18n.clang('admin2', module[0], module[0])}
</a> </a>
% endif % endif
% endif
</li> </li>
% endfor % endfor
</ul> </ul>