Commit df0b42b1 authored by Andreas Valder's avatar Andreas Valder

Merge branch 'master' of git.fsmpi.rwth-aachen.de:julianundandyfrickelnkram/videoagwebsite

parents a7fd4646 856df6ab
...@@ -93,6 +93,15 @@ CREATE TABLE IF NOT EXISTS `places` ( ...@@ -93,6 +93,15 @@ CREATE TABLE IF NOT EXISTS `places` (
`campus_room` varchar(20) NOT NULL, `campus_room` varchar(20) NOT NULL,
`campus_name` varchar(30) NOT NULL `campus_name` varchar(30) NOT NULL
); );
CREATE TABLE IF NOT EXISTS `auth` (
`auth_id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
`course_id` INTEGER,
`lecture_id` INTEGER,
`video_id` INTEGER,
`auth_type` varchar(10),
`auth_user` varchar(127),
`auth_passwd` varchar(127)
);
CREATE TABLE IF NOT EXISTS `site_texts` ( CREATE TABLE IF NOT EXISTS `site_texts` (
`key` varchar(64) NOT NULL PRIMARY KEY, `key` varchar(64) NOT NULL PRIMARY KEY,
`value` text NOT NULL, `value` text NOT NULL,
......
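Review bot: The new `auth_passwd varchar(127)` column holds the password in clear text, because the server code in this same commit compares it directly with the submitted Basic-auth password. Storing a salted password hash instead, and sizing the column for it, would keep a database copy or backup from exposing working credentials. `auth_type` is also nullable and unconstrained although the server only handles `'public'` and `'password'`; `auth_type varchar(10) NOT NULL CHECK (auth_type IN ('public','password'))` would reject rows the access check does not understand. Nothing in the table requires that at least one of `course_id`, `lecture_id` or `video_id` is set, so a row with all three NULL is accepted but never matches the join.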
#!/bin/python from flask import Flask, g, request, url_for, redirect, session, render_template, flash, Response
from flask import Flask, g, request, url_for, redirect, session, render_template, flash
from werkzeug.routing import Rule from werkzeug.routing import Rule
from functools import wraps from functools import wraps
from datetime import date, timedelta, datetime, time from datetime import date, timedelta, datetime, time
...@@ -161,12 +160,15 @@ def search(): ...@@ -161,12 +160,15 @@ def search():
'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod()) 'WHERE (? OR (coursevisible AND listed AND visible)) GROUP BY id ORDER BY _score DESC, time DESC LIMIT 30', ismod())
return render_template('search.html', searchtext=request.args['q'], courses=courses, lectures=lectures) return render_template('search.html', searchtext=request.args['q'], courses=courses, lectures=lectures)
def check_mod(user, groups):
return user and 'users' in groups
@app.route('/login', methods=['GET', 'POST']) @app.route('/login', methods=['GET', 'POST'])
def login(): def login():
if request.method == 'GET': if request.method == 'GET':
return render_template('login.html') return render_template('login.html')
user, groups = ldapauth(request.form.get('user'), request.form.get('password')) user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
if not user or not 'users' in groups: if not check_mod(user, groups):
flash('Login fehlgeschlagen!') flash('Login fehlgeschlagen!')
return render_template('login.html') return render_template('login.html')
session['user'] = ldapget(user) session['user'] = ldapget(user)
...@@ -205,7 +207,6 @@ def edit(): ...@@ -205,7 +207,6 @@ def edit():
assert column in tabs[table][2] assert column in tabs[table][2]
query('INSERT INTO changelog ("table",id_value,id_key,field,value_new,value_old,"when",who,executed) VALUES (?,?,?,?,?,(SELECT %s FROM %s WHERE %s = ?),?,?,1)'%(column,tabs[table][0],tabs[table][1]),table,id,tabs[table][1],column,val,id,datetime.now(),session['user']['givenName']) query('INSERT INTO changelog ("table",id_value,id_key,field,value_new,value_old,"when",who,executed) VALUES (?,?,?,?,?,(SELECT %s FROM %s WHERE %s = ?),?,?,1)'%(column,tabs[table][0],tabs[table][1]),table,id,tabs[table][1],column,val,id,datetime.now(),session['user']['givenName'])
query('UPDATE %s SET %s = ? WHERE %s = ?'%(tabs[table][0], column,tabs[table][1]), val, id) query('UPDATE %s SET %s = ? WHERE %s = ?'%(tabs[table][0], column,tabs[table][1]), val, id)
query('COMMIT') query('COMMIT')
return "OK", 200 return "OK", 200
...@@ -216,22 +217,42 @@ def auth(): # For use with nginx auth_request ...@@ -216,22 +217,42 @@ def auth(): # For use with nginx auth_request
return 'Internal Server Error', 500 return 'Internal Server Error', 500
url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX']) url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
ip = request.headers.get('X-Real-IP', '') ip = request.headers.get('X-Real-IP', '')
videos = query('''SELECT videos.path, videos.id if url.endswith('jpg'):
return "OK", 200
videos = query('''SELECT videos.path, videos.id, lectures.id AS lecture_id, courses.id AS course_id, auth.*
FROM videos FROM videos
JOIN lectures ON (videos.lecture_id = lectures.id) JOIN lectures ON (videos.lecture_id = lectures.id)
JOIN courses ON (lectures.course_id = courses.id) JOIN courses ON (lectures.course_id = courses.id)
LEFT JOIN auth ON (videos.id = auth.video_id OR lectures.id = auth.lecture_id OR courses.id = auth.course_id)
WHERE videos.path = ? WHERE videos.path = ?
AND (? OR (courses.visible AND lectures.visible AND videos.visible))''', AND (? OR (courses.visible AND lectures.visible AND videos.visible))
ORDER BY auth.video_id DESC, auth.lecture_id DESC, auth.course_id DESC''',
url, ismod()) url, ismod())
if videos and (url.startswith('pub') or ismod()): if not videos:
return "Not allowed", 403
allowed = False
types = []
auth = request.authorization
for video in videos:
if videos[0] and ((videos[0]['video_id'] and not video['video_id']) \
or (videos[0]['lecture_id'] and not video['lecture_id'])):
break
types.append(video['auth_type'])
if video['auth_type'] == 'public':
allowed = True
break
elif video['auth_type'] == 'password':
if auth and video['auth_user'] == auth.username and video['auth_passwd'] == auth.password:
allowed = True
break
if not types[0] or allowed or ismod() or \
(auth and check_mod(*ldapauth(auth.username, auth.password))):
return 'OK', 200
query('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.now(), videos[0]['id'], url) query('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.now(), videos[0]['id'], url)
return "OK", 200 elif 'password' in types:
elif url.endswith('jpg'): return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
return "OK", 200
else:
return "Not allowed", 403 return "Not allowed", 403
@app.route('/schedule') @app.route('/schedule')
@register_navbar('Drehplan', 'calendar') @register_navbar('Drehplan', 'calendar')
@mod_required @mod_required
...@@ -286,7 +307,6 @@ def schedule(): ...@@ -286,7 +307,6 @@ def schedule():
for i in range(s.hour*4,min(int((60*e.hour/15)/4)*4+5,24*4)): for i in range(s.hour*4,min(int((60*e.hour/15)/4)*4+5,24*4)):
t = i*15 t = i*15
times.append(time(int(t/60),t%60)) times.append(time(int(t/60),t%60))
return render_template('schedule.html',days=days,times=times,kw=kw) return render_template('schedule.html',days=days,times=times,kw=kw)
@app.route('/stats') @app.route('/stats')
......
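Review bot: In the new `auth()` the added `return 'OK', 200` is printed in front of the unchanged `query('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ...)`, so as rendered the log insert is unreachable and allowed video requests are no longer recorded. The insert should run first and the `return 'OK', 200` follow it; indentation is lost on this page, so confirm against the file. The same condition opens with `not types[0]`, which lets a request through whenever the LEFT JOIN finds no `auth` row, and the earlier `url.startswith('pub')` restriction is gone. If that default-allow is intended, a comment such as `# no auth row: access is governed by the visible flags only` would make it explicit. The password branch checks `video['auth_passwd'] == auth.password` against a clear-text column; verifying a stored hash with a constant-time comparison would remove both the timing difference and the readable credentials.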