def decorated_function(*args, **kwargs):
    """Gate the wrapped view ``f`` behind an admin check.

    ``f`` is not defined in this listing; it is presumably the view captured
    by an enclosing decorator (confirm against the full file).

    Returns:
        The JSON body ``{'status': 0, 'msg': 'Not Authorized'}`` when login
        enforcement is on and ``current_user.check_admin()`` is falsy;
        otherwise whatever ``f(*args, **kwargs)`` returns.
    """
    # The route's 'id' argument is fetched but plays no part in the decision.
    route_id = request.view_args.get('id')

    # Security: a truthy LOGIN_DISABLED skips the admin check entirely, so the
    # flag must stay off outside test configurations.
    enforce_login = not current_app.config['LOGIN_DISABLED']
    if enforce_login and not current_user.check_admin():
        # No status code is set, so the refusal goes out with jsonify's
        # default 200; callers have to inspect 'status' in the body.
        return jsonify({'status': 0, 'msg': 'Not Authorized'})

    return f(*args, **kwargs)
def decorated_function(*args, **kwargs):
    """Call the wrapped view ``f`` only when the caller passes the admin check.

    ``f`` comes from outside this listing (presumably the enclosing
    decorator's argument; confirm against the full file).

    Returns:
        ``f(*args, **kwargs)`` when ``LOGIN_DISABLED`` is truthy or
        ``current_user.check_admin()`` is truthy; otherwise the JSON body
        ``{'status': 0, 'msg': 'Not Authorized'}``.
    """
    # Read from the route but never consulted below.
    unused_id = request.view_args.get('id')

    # Security: with LOGIN_DISABLED set, no authorization happens at all.
    # Keep that setting confined to test configurations.
    if current_app.config['LOGIN_DISABLED']:
        return f(*args, **kwargs)

    if current_user.check_admin():
        return f(*args, **kwargs)

    # The refusal carries no explicit HTTP status (jsonify defaults to 200),
    # so HTTP-level monitoring will not see it as a denied request.
    return jsonify({'status': 0, 'msg': 'Not Authorized'})
def decorated_function(*args, **kwargs):
    """Admin-only gate that also ties a file ID to the site in the URL.

    Steps, in order:
      1. Unless ``LOGIN_DISABLED`` is truthy, refuse callers for whom
         ``current_user.check_admin()`` is falsy (JSON refusal body).
      2. Look up the ``Wifisite`` named by the ``siteid`` route argument;
         abort with 404 if there is none.
      3. If an ``id`` route argument is present, look up the ``Sitefile``;
         abort with 404 if missing, 401 if it belongs to a different site.
      4. Call the wrapped view ``f`` (defined outside this listing).

    NOTE(review): the source listing lost its indentation. The site and file
    checks are reconstructed here at function level (run even when
    LOGIN_DISABLED is set); confirm against the original file.
    """
    file_id = request.view_args.get('id')
    site_id = request.view_args.get('siteid')

    # Security: LOGIN_DISABLED turns the admin check off completely.
    login_enforced = not current_app.config['LOGIN_DISABLED']
    if login_enforced and not current_user.check_admin():
        # Sent without an explicit status code (jsonify defaults to 200).
        return jsonify({'status': 0, 'msg': 'Not Authorized'})

    # NOTE(review): nothing below relates the site to the current user's
    # account; confirm tenant scoping is enforced elsewhere if it applies.
    site = Wifisite.query.filter_by(id=site_id).first()
    if not site:
        current_app.logger.debug(
            "Trying to acess unknown site ID:%s " % (request.url))
        abort(404)

    # No file in the route: the site check alone decides.
    if file_id is None:
        return f(*args, **kwargs)

    site_file = Sitefile.query.filter_by(id=file_id).first()
    if not site_file:
        current_app.logger.debug(
            "Trying to access unknown File:%s " % (request.url))
        abort(404)

    if site_file.site_id != site.id:
        # Cross-site object reference. It is recorded at debug level only, so
        # a logging setup that drops debug records keeps no trace of it.
        # NOTE(review): 401 is used although the caller already passed the
        # admin check; 403 is the conventional code for this case.
        current_app.logger.debug(
            "Trying to access file which is not connected to the site ID specified URL:%s " % (request.url))
        abort(401)

    return f(*args, **kwargs)
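def decorated_function(*args, **kwargs):
    """Admin-only gate that also ties a landing page ID to the site in the URL.

    The admin check now runs before any database lookup. Previously the site
    lookup (and its 404) came first, so a caller who fails the admin check
    could tell existing site IDs (JSON refusal) from unknown ones (404).
    Callers that pass the admin check see the same behaviour as before.

    Returns:
        The JSON body ``{'status': 0, 'msg': 'Not Authorized'}`` when login
        enforcement is on and ``current_user.check_admin()`` is falsy;
        otherwise the result of the wrapped view ``f`` (defined outside this
        listing).

    Raises:
        Via ``abort``: 404 for an unknown site or landing page, 401 when the
        landing page belongs to a different site.

    NOTE(review): the source listing lost its indentation. The landing page
    check is reconstructed at function level (it runs even when
    LOGIN_DISABLED is set); confirm against the original file.
    """
    landingpage_id = request.view_args.get('id')
    siteid = request.view_args.get('siteid')

    # Authorize first so unauthorized callers learn nothing about which site
    # IDs exist. Security: LOGIN_DISABLED switches this check off entirely.
    if not current_app.config['LOGIN_DISABLED']:
        if not current_user.check_admin():
            # Sent without an explicit status code (jsonify defaults to 200).
            return jsonify({'status': 0, 'msg': 'Not Authorized'})

    wifisite = Wifisite.query.filter_by(id=siteid).first()
    if not wifisite:
        current_app.logger.debug(
            "Client is trying to unknown site ID:%s " % (request.url))
        abort(404)

    if landingpage_id:
        # Only the landing page -> site relation is verified here. The
        # original comment also mentioned a client-ownership check, but no
        # such check is performed in this function.
        landpage = Landingpage.query.filter_by(id=landingpage_id).first()
        if not landpage:
            current_app.logger.debug(
                "Trying to aceess invalid landingpage ID:%s " % (request.url))
            abort(404)
        if landpage.site_id != wifisite.id:
            # NOTE(review): this cross-site reference is logged at debug level
            # with the same text as the not-found case, and answered with 401
            # rather than 403; both make the event harder to spot in logs.
            current_app.logger.debug(
                "Trying to aceess invalid landingpage ID:%s " % (request.url))
            abort(401)

    return f(*args, **kwargs)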
def decorated_function(*args, **kwargs):
    """Allow the wrapped view only for an admin acting on a client of their own account.

    When login enforcement is on, the caller must pass
    ``current_user.check_admin()``; if the route carries an ``id``, the
    matching ``Client`` must exist and share ``current_user.account_id``.
    Every refusal is the JSON body ``{'status': 0, 'msg': 'Not Authorized'}``.
    ``f`` is the wrapped view, defined outside this listing.

    NOTE(review): the source listing lost its indentation. The client check
    is reconstructed inside the LOGIN_DISABLED guard because it reads
    ``current_user``; confirm against the original file.
    """
    client_id = request.view_args.get('id')

    # Security: a truthy LOGIN_DISABLED bypasses both the admin check and the
    # account-scoping check below.
    if current_app.config['LOGIN_DISABLED']:
        return f(*args, **kwargs)

    if not current_user.check_admin():
        # Sent without an explicit status code (jsonify defaults to 200).
        return jsonify({'status': 0, 'msg': 'Not Authorized'})

    if client_id:
        client = Client.query.filter_by(id=client_id).first()
        # A missing client and a client of another account get the identical
        # refusal, so the response does not reveal which client IDs exist.
        out_of_scope = not client or client.account_id != current_user.account_id
        if out_of_scope:
            # The client id and URL in this record are taken from the request.
            current_app.logger.error("Admin User ID:%s trying to access unauthorized client:%s URL:%s"%(current_user.id,client_id,request.url))
            return jsonify({'status': 0, 'msg': 'Not Authorized'})

    return f(*args, **kwargs)
def decorated_function(*args, **kwargs):
    """Allow the wrapped view for admins or for the client that owns the site.

    The ``Wifisite`` named by the ``siteid`` route argument must exist
    (otherwise 404). With login enforcement on, the caller is let through
    when ``current_user.check_admin()`` is truthy or when
    ``wifisite.client_id`` equals ``current_user.id``; anyone else receives
    the JSON body ``{'status': 0, 'msg': 'Not Authorized'}``.
    ``f`` is the wrapped view, defined outside this listing.
    """
    # Fetched from the route but not used by any check in this function.
    route_id = request.view_args.get('id')
    site_id = request.view_args.get('siteid')

    site = Wifisite.query.filter_by(id=site_id).first()
    if not site:
        # NOTE(review): the 404 is issued before the permission decision, so
        # a refused caller can tell an existing site from an unknown one.
        current_app.logger.debug("Client is trying to unknown site ID:%s "%(request.url))
        abort(404)

    # Security: a truthy LOGIN_DISABLED skips the ownership check entirely.
    if not current_app.config['LOGIN_DISABLED']:
        # NOTE(review): the admin branch is not scoped to an account here;
        # confirm tenant isolation is enforced elsewhere if it applies.
        permitted = current_user.check_admin() or site.client_id == current_user.id
        if not permitted:
            # Sent without an explicit status code (jsonify defaults to 200).
            return jsonify({'status': 0, 'msg': 'Not Authorized'})

    return f(*args, **kwargs)
def decorated_function(*args, **kwargs):
    """Run the wrapped view ``f`` for admins, limited to clients of their own account.

    With login enforcement on:
      * a caller failing ``current_user.check_admin()`` is refused;
      * if the route has an ``id``, the ``Client`` with that id must exist
        and have the same ``account_id`` as ``current_user``, else refused.
    A refusal is the JSON body ``{'status': 0, 'msg': 'Not Authorized'}``.
    ``f`` is defined outside this listing.

    NOTE(review): indentation was lost in the source listing. The client
    lookup is placed inside the LOGIN_DISABLED guard here because it depends
    on ``current_user``; verify against the original file.
    """
    requested_client_id = request.view_args.get('id')

    # Security: when LOGIN_DISABLED is truthy none of the checks below run.
    login_enforced = not current_app.config['LOGIN_DISABLED']
    if login_enforced:
        if not current_user.check_admin():
            # No explicit status code; jsonify's default 200 is used.
            return jsonify({'status': 0, 'msg': 'Not Authorized'})

        if requested_client_id:
            client = Client.query.filter_by(id=requested_client_id).first()
            # Unknown clients and clients of another account are handled the
            # same way, so the reply does not disclose which ids exist.
            if not client or client.account_id != current_user.account_id:
                # Logged at error level with the acting user's id; the client
                # id and URL in the record come from the request.
                current_app.logger.error(
                    "Admin User ID:%s trying to access unauthorized client:%s URL:%s"
                    % (current_user.id, requested_client_id, request.url))
                return jsonify({'status': 0, 'msg': 'Not Authorized'})

    return f(*args, **kwargs)
def decorated_function(*args, **kwargs):
    """Admin-only gate that checks a requested file belongs to the requested site.

    Order of checks: admin check (skipped when ``LOGIN_DISABLED`` is truthy),
    then the ``Wifisite`` lookup by the ``siteid`` route argument (404 if
    absent), then, when an ``id`` route argument is present, the ``Sitefile``
    lookup (404 if absent, 401 if its ``site_id`` differs from the site).
    On success the wrapped view ``f`` (defined outside this listing) runs.

    NOTE(review): indentation was lost in the source listing. The site and
    file checks are laid out at function level here, so they run regardless
    of LOGIN_DISABLED; verify against the original file.
    """
    file_id = request.view_args.get('id')
    site_id = request.view_args.get('siteid')

    # Security: LOGIN_DISABLED disables the admin check completely.
    must_authorize = not current_app.config['LOGIN_DISABLED']
    if must_authorize and not current_user.check_admin():
        # No explicit status code; jsonify's default 200 is used.
        return jsonify({'status': 0,'msg':'Not Authorized'})

    # NOTE(review): the site is not compared with the current user's account
    # in this function; confirm tenant scoping happens elsewhere if needed.
    site = Wifisite.query.filter_by(id=site_id).first()
    if not site:
        current_app.logger.debug("Trying to acess unknown site ID:%s "%(request.url))
        abort(404)

    if file_id is not None:
        candidate = Sitefile.query.filter_by(id=file_id).first()
        if not candidate:
            current_app.logger.debug("Trying to access unknown File:%s "%(request.url))
            abort(404)
        if candidate.site_id != site.id:
            # A file ID paired with the wrong site is only logged at debug
            # level, so it is invisible wherever debug records are dropped.
            # NOTE(review): 401 is returned to an already-authorized admin;
            # 403 is the conventional status for this situation.
            current_app.logger.debug("Trying to access file which is not connected to the site ID specified URL:%s "%(request.url))
            abort(401)

    return f(*args, **kwargs)
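def decorated_function(*args, **kwargs):
    """Admin-only gate that checks a landing page belongs to the requested site.

    The admin check is performed before the site lookup. With the lookup
    first, a caller who fails the admin check received 404 for unknown site
    IDs but the JSON refusal for existing ones, which discloses which IDs
    exist. Behaviour for callers that pass the admin check is unchanged.

    Returns:
        The JSON body ``{'status': 0, 'msg': 'Not Authorized'}`` when login
        enforcement is on and ``current_user.check_admin()`` is falsy;
        otherwise the result of the wrapped view ``f`` (defined outside this
        listing).

    Raises:
        Via ``abort``: 404 for an unknown site or landing page, 401 when the
        landing page's ``site_id`` differs from the site's id.

    NOTE(review): indentation was lost in the source listing. The landing
    page check is laid out at function level (it runs even when
    LOGIN_DISABLED is set); verify against the original file.
    """
    landingpage_id = request.view_args.get('id')
    siteid = request.view_args.get('siteid')

    # Decide authorization before querying, so a refused caller gets the same
    # answer for every site ID. Security: LOGIN_DISABLED skips this check.
    if not current_app.config['LOGIN_DISABLED']:
        if not current_user.check_admin():
            # No explicit status code; jsonify's default 200 is used.
            return jsonify({'status': 0, 'msg': 'Not Authorized'})

    wifisite = Wifisite.query.filter_by(id=siteid).first()
    if not wifisite:
        current_app.logger.debug("Client is trying to unknown site ID:%s "%(request.url))
        abort(404)

    if landingpage_id:
        # Verifies the landing page -> site relation only. The original
        # comment referred to a client-ownership check that this function
        # does not perform.
        landpage = Landingpage.query.filter_by(id=landingpage_id).first()
        if not landpage:
            current_app.logger.debug("Trying to aceess invalid landingpage ID:%s "%(request.url))
            abort(404)
        if landpage.site_id != wifisite.id:
            # NOTE(review): the mismatch shares its debug-level message with
            # the not-found case and is answered with 401 instead of 403, so
            # cross-site references are hard to pick out of the logs.
            current_app.logger.debug("Trying to aceess invalid landingpage ID:%s "%(request.url))
            abort(401)

    return f(*args, **kwargs)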