Commit d04b45a2 authored by Julian Rother's avatar Julian Rother
Browse files

Allow all moderators full video access

parent 5502aae6
......@@ -116,6 +116,8 @@ def evalperm(perms):
@app.template_filter()
def checkperm(perms, username=None, password=None):
if ismod():
return True
perms = evalperm(perms)
for perm in perms:
if perm['type'] == 'public':
......@@ -501,7 +503,7 @@ def auth(): # For use with nginx auth_request
return 'Internal Server Error', 500
url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
ip = request.headers.get('X-Real-IP', '')
if url.endswith('jpg'):
if url.endswith('jpg') or ismod():
return "OK", 200
perms = query('''SELECT videos.path, videos.id AS vid, perm.*
FROM videos
......@@ -509,10 +511,9 @@ def auth(): # For use with nginx auth_request
JOIN courses ON (lectures.course_id = courses.id)
LEFT JOIN perm ON (videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id)
WHERE videos.path = ?
AND (? OR (courses.visible AND lectures.visible AND videos.visible))
AND (courses.visible AND lectures.visible AND videos.visible)
ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''',
url, ismod())
url)
if not perms:
return "Not allowed", 403
auth = request.authorization
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment