Commit
bc071d3e
authored
8 years ago
by
Julian Rother
Rewrote video permission checking
parent
066ffe2d
Showing
1 changed file
server.py
+78
-26
78 additions, 26 deletions
server.py
with
78 additions
and
26 deletions
server.py
+
78
−
26
...
...
@@ -69,6 +69,72 @@ def mod_required(func):
return
func
(
*
args
,
**
kwargs
)
return
decorator
def
evalauth
(
auths
):
cauths
=
[]
lauths
=
[]
vauths
=
[]
for
auth
in
auths
:
if
auth
[
'
course_id
'
]:
cauths
.
append
(
auth
)
elif
auth
[
'
lecture_id
'
]:
lauths
.
append
(
auth
)
elif
auth
[
'
video_id
'
]:
vauths
.
append
(
auth
)
if
vauths
:
return
vauths
elif
lauths
:
return
lauths
elif
cauths
:
return
cauths
return
[{
'
auth_type
'
:
'
public
'
}]
@app.template_filter
()
def
checkauth
(
auths
,
username
=
None
,
password
=
None
):
auths
=
evalauth
(
auths
)
for
auth
in
auths
:
if
auth
[
'
auth_type
'
]
==
'
public
'
:
return
True
elif
auth
[
'
auth_type
'
]
==
'
password
'
:
if
auth
[
'
auth_user
'
]
==
username
and
auth
[
'
auth_password
'
]
==
password
:
return
True
elif
auth
[
'
auth_type
'
]
==
'
l2p
'
:
if
auth
[
'
auth_param
'
]
in
session
.
get
(
'
l2p_courses
'
,
[]):
return
True
elif
auth
[
'
auth_type
'
]
==
'
rwth
'
:
if
session
.
get
(
'
rwthintern
'
,
False
):
return
True
return
False
@app.template_filter
()
def
authdescr
(
auths
):
auths
=
evalauth
(
auths
)
public
=
False
password
=
False
l2p_courses
=
[]
rwth_intern
=
False
for
auth
in
auths
:
if
auth
[
'
auth_type
'
]
==
'
public
'
:
public
=
True
elif
auth
[
'
auth_type
'
]
==
'
password
'
:
password
=
True
elif
auth
[
'
auth_type
'
]
==
'
l2p
'
:
l2p_courses
.
append
(
auth
[
'
auth_param
'
])
elif
auth
[
'
auth_type
'
]
==
'
rwth
'
:
rwth_intern
=
True
if
public
or
not
auths
:
return
'
public
'
,
'
Öffentlich verfügbar
'
if
rwth_intern
:
if
password
:
return
'
rwth
'
,
'
Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar
'
return
'
rwth
'
,
'
Nur für RWTH-Angehörige verfügbar
'
if
l2p_courses
:
if
password
:
return
'
rwth
'
,
'
Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar
'
return
'
rwth
'
,
'
Nur für Teilnehmer der Veranstaltung verfügbar
'
if
password
:
return
'
password
'
,
'
Nur für Nutzer mit Passwort verfügbar
'
return
'
public
'
,
'
Öffentlich verfügbar
'
app
.
jinja_env
.
globals
[
'
navbar
'
]
=
[]
# iconlib can be 'bootstrap'
# ( see: http://getbootstrap.com/components/#glyphicons )
...
...
@@ -361,7 +427,7 @@ def auth(): # For use with nginx auth_request
ip
=
request
.
headers
.
get
(
'
X-Real-IP
'
,
''
)
if
url
.
endswith
(
'
jpg
'
):
return
"
OK
"
,
200
videos
=
query
(
'''
SELECT videos.path, videos.id,
lectures.id AS lecture_id, courses.id AS course_id,
auth.*
videos
=
query
(
'''
SELECT videos.path, videos.id, auth.*
FROM videos
JOIN lectures ON (videos.lecture_id = lectures.id)
JOIN courses ON (lectures.course_id = courses.id)
...
...
@@ -372,34 +438,20 @@ def auth(): # For use with nginx auth_request
url
,
ismod
())
if
not
videos
:
return
"
Not allowed
"
,
403
allowed
=
False
types
=
[]
auth
=
request
.
authorization
for
video
in
videos
:
if
videos
[
0
]
and
((
videos
[
0
][
'
video_id
'
]
and
not
video
[
'
video_id
'
])
\
or
(
videos
[
0
][
'
lecture_id
'
]
and
not
video
[
'
lecture_id
'
])):
break
types
.
append
(
video
[
'
auth_type
'
])
if
video
[
'
auth_type
'
]
==
'
public
'
:
allowed
=
True
break
elif
video
[
'
auth_type
'
]
==
'
password
'
:
if
auth
and
video
[
'
auth_user
'
]
==
auth
.
username
and
video
[
'
auth_passwd
'
]
==
auth
.
password
:
allowed
=
True
break
elif
video
[
'
auth_type
'
]
==
'
l2p
'
:
if
video
[
'
auth_param
'
]
in
session
.
get
(
'
l2p_courses
'
,
[]):
allowed
=
True
break
elif
video
[
'
auth_type
'
]
==
'
rwth
'
:
if
session
.
get
(
'
rwthintern
'
,
False
):
allowed
=
True
break
if
not
types
[
0
]
or
allowed
or
ismod
()
or
\
(
auth
and
check_mod
(
*
ldapauth
(
auth
.
username
,
auth
.
password
))):
username
=
password
=
None
if
auth
:
username
=
auth
.
username
password
=
auth
.
password
if
checkauth
(
videos
,
username
=
username
,
password
=
password
):
return
'
OK
'
,
200
modify
(
'
INSERT INTO log VALUES (?,
""
, ?,
"
video
"
, ?, ?)
'
,
ip
,
datetime
.
now
(),
videos
[
0
][
'
id
'
],
url
)
elif
'
password
'
in
types
:
password_auth
=
False
for
video
in
videos
:
if
video
[
'
auth_type
'
]
==
'
password
'
:
password_auth
=
True
break
if
password_auth
:
return
Response
(
"
Login required
"
,
401
,
{
'
WWW-Authenticate
'
:
'
Basic realm=
"
Login Required
"'
})
return
"
Not allowed
"
,
403
...
...
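Review bot: In the new `checkauth` (first hunk), the `password` branch compares `auth['auth_user'] == username and auth['auth_password'] == password` without first requiring that credentials were supplied, whereas the removed loop in `auth()` guarded the same comparison with `if auth and …`. Both parameters default to `None`, and `auth()` now passes `None` for both when the request carries no Authorization header, so a `password` row whose user and password columns are NULL would compare equal and grant access; I would restore the guard as `if username is not None and password is not None and auth['auth_user'] == username and …`. The key is also spelled `auth_password` here but `auth_passwd` in the removed code, so one of the two presumably does not match the column returned by `auth.*` and should be confirmed against the schema. The removed condition additionally let moderators through via `ismod()` or `check_mod(*ldapauth(…))`, and nothing visible in `checkauth` replaces that, so unless the SQL filter (whose body lies outside the visible hunks) covers it, that path is lost. Since the secret is compared with `==`, `hmac.compare_digest` would be the safer comparison once both values are known to be strings.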