From c34ab254ede659d48674461221bfca3846107939 Mon Sep 17 00:00:00 2001
From: Antonio de la Rosa
Date: Fri, 21 Mar 2025 21:28:50 +0100
Subject: [PATCH] Fix in autologin
---
 paramecio/modules/admin2/app.py | 42 ++++++++++++++++++++++++++++-----
 1 file changed, 36 insertions(+), 6 deletions(-)
diff --git a/paramecio/modules/admin2/app.py b/paramecio/modules/admin2/app.py
index 4e625e0..b2c15a4 100644
--- a/paramecio/modules/admin2/app.py
+++ b/paramecio/modules/admin2/app.py
@@ -11,7 +11,7 @@ from paramecio.libraries.keyutils import create_key_encrypt, create_key
 from time import time
 from paramecio.wsgiapp import app
 #from paramecio.modules.admin2 import admin_app
-from bottle import request, redirect, Bottle
+from bottle import request, redirect, Bottle, response
 from paramecio.modules.admin2.libraries.loginplugin import check_login
 from paramecio.libraries.sessionplugin import SessionPlugin
 from paramecio.libraries.httputils import GetPostFiles
@@ -81,19 +81,27 @@ def login_admin(session={}): if cookie_name+'_remember' in request.cookies: - arr_user=simplequery.select(usermodel, db, dict_fields=['id', 'username'], where_sql='WHERE token_login=%s', dict_values=[request.cookies[cookie_name+'_remember']]) + arr_user=simplequery.select(usermodel, db, dict_fields=['id', 'username', 'dark_theme', 'privileges', 'lang'], where_sql='WHERE token_login=%s', dict_values=[request.cookies[cookie_name+'_remember']]) if len(arr_user)>0: now_str=now() + date_now=format_local_strtime('YYYY-MM-DD HH:mm:ss', now_str) db.query('update useradmin2 set last_login=%s WHERE id=%s', [date_now, arr_user[0]['id']]) - request.session['login_admin']=True + session['login_admin']=True + session['user_id']=arr_user[0]['id'] + session['theme']=arr_user[0]['dark_theme'] + session['modules']=get_modules_user(arr_user[0], db) + session['privileges']=arr_user[0]['privileges'] + session['lang']=arr_user[0]['lang'] + + session.save() db.close() - redirect(app.get_url('app_admin.home_admin')) + redirect(app.get_url('admin_app.home_admin')) with db.query('select count(id) as num_users from useradmin2', []) as cursor: num_users=cursor.fetchone()['num_users'] @@ -167,7 +175,8 @@ def check_login_admin(session={}): timestamp=int(time())+315360000 - response.set_cookie(key=cookie_name+'_remember', value=remember_key, expires=timestamp, max_age=315360000, httponly=True, path=config.application_root) + #response.set_cookie(key=cookie_name+'_remember', value=remember_key, expires=timestamp, max_age=315360000, httponly=True, path=config.session_opts['session.path']) + response.set_cookie(config.cookie_name+'_remember', remember_key, expires=timestamp, max_age=315360000, path=config.session_opts['session.path'], httponly=True) now_str=now() date_now=format_local_strtime('YYYY-MM-DD HH:mm:ss', now_str) 
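Review bot: The remember-me lookup in login_admin passes `request.cookies[cookie_name+'_remember']` straight into `WHERE token_login=%s` without checking that it is non-empty, so an empty cookie would match any row whose token_login is stored as an empty string (whether such rows exist depends on schema that is not shown here). Guard the lookup with `token=request.cookies.get(cookie_name+'_remember', '')` followed by `if token:` before the select. The token also stays unchanged after it has been used to build a full session (user_id, modules, privileges); writing a fresh token_login value and cookie on each autologin would limit how long a copied cookie remains useful. login_admin starts and continues outside the hunk.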
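Review bot: The new `response.set_cookie(...)` call in check_login_admin issues a ten-year login token (`max_age=315360000`) with `httponly=True` but without `secure=True`, so the browser will also send it over plain HTTP if the admin area is ever reachable that way; add `secure=True`, and `samesite='lax'` where the installed Bottle version supports it. The cookie is written as `config.cookie_name+'_remember'` while login_admin and logout_admin read `cookie_name+'_remember'`; presumably both names hold the same value, but using one of them throughout avoids a silent mismatch between the cookie that is set and the one that is checked. The commented-out previous call on the line above can be dropped. The function body extends beyond the hunk.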
@@ -273,7 +282,7 @@ def logout_admin(session={}): del session['login_admin'] if cookie_name+'_remember' in request.cookies: - response.delete_cookie(cookie_name+'_remember', path=session_opts['session.path']) + response.delete_cookie(cookie_name+'_remember', path=config.session_opts['session.path']) redirect(app.get_url('admin_app.login_admin')) @@ -412,3 +421,24 @@ def check_login_tries(request, db): #app.mount(admin_folder, admin_app) +def get_modules_user(arr_user, db): + + if arr_user['privileges']==0: + with db.query('select module from privilegesmodule2 WHERE user_id=%s', [arr_user['id']]) as cursor: + modules_priv=[v['module'] for v in cursor.fetchall()] + + for k, v in modules_admin.items(): + if k in modules_priv: + if len(v)>2: + modules_priv+=v[2] + else: + + modules_priv=[] + for k, v in modules_admin.items(): + modules_priv.append(k) + if len(v)==3: + modules_priv+=v[2] + + modules_priv.append('admin_app.home_admin') + + return modules_priv
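Review bot: In logout_admin the visible lines only remove the `_remember` cookie from the browser; unless code outside this hunk also clears `token_login` for the user, a copy of that token stays valid for autologin after logout. Consider invalidating it server-side in the same branch, for example `db.query('update useradmin2 set token_login=NULL WHERE id=%s', [user_id])`, assuming the column is nullable and that a db handle and the user id are available at that point. The function starts and ends outside the hunk.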
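Review bot: get_modules_user grants every entry of modules_admin in its `else` branch, that is for any `privileges` value other than 0, including None or an unexpected value coming back from the database. A check that names the full-access value explicitly and otherwise falls back to the per-user rows from privilegesmodule2 would fail closed instead. The two branches also test the optional third element differently (`len(v)>2` versus `len(v)==3`), and `modules_admin` is not defined in the hunk, so it is presumably a module-level name. A short docstring would help the next reader, e.g. `"""Return the module/route names the user may access; privileges==0 means restricted to privilegesmodule2 rows."""`.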