Commit d04b45a2 authored by Julian Rother's avatar Julian Rother
Browse files

Allow all moderators full video access

parent 5502aae6
...@@ -116,6 +116,8 @@ def evalperm(perms): ...@@ -116,6 +116,8 @@ def evalperm(perms):
@app.template_filter() @app.template_filter()
def checkperm(perms, username=None, password=None): def checkperm(perms, username=None, password=None):
if ismod():
return True
perms = evalperm(perms) perms = evalperm(perms)
for perm in perms: for perm in perms:
if perm['type'] == 'public': if perm['type'] == 'public':
...@@ -501,7 +503,7 @@ def auth(): # For use with nginx auth_request ...@@ -501,7 +503,7 @@ def auth(): # For use with nginx auth_request
return 'Internal Server Error', 500 return 'Internal Server Error', 500
url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX']) url = request.headers['X-Original-Uri'].lstrip(config['VIDEOPREFIX'])
ip = request.headers.get('X-Real-IP', '') ip = request.headers.get('X-Real-IP', '')
if url.endswith('jpg'): if url.endswith('jpg') or ismod():
return "OK", 200 return "OK", 200
perms = query('''SELECT videos.path, videos.id AS vid, perm.* perms = query('''SELECT videos.path, videos.id AS vid, perm.*
FROM videos FROM videos
...@@ -509,10 +511,9 @@ def auth(): # For use with nginx auth_request ...@@ -509,10 +511,9 @@ def auth(): # For use with nginx auth_request
JOIN courses ON (lectures.course_id = courses.id) JOIN courses ON (lectures.course_id = courses.id)
LEFT JOIN perm ON (videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id) LEFT JOIN perm ON (videos.id = perm.video_id OR lectures.id = perm.lecture_id OR courses.id = perm.course_id)
WHERE videos.path = ? WHERE videos.path = ?
AND (? OR (courses.visible AND lectures.visible AND videos.visible)) AND (courses.visible AND lectures.visible AND videos.visible)
ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''', ORDER BY perm.video_id DESC, perm.lecture_id DESC, perm.course_id DESC''',
url, ismod()) url)
if not perms: if not perms:
return "Not allowed", 403 return "Not allowed", 403
auth = request.authorization auth = request.authorization
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment