Example #1
    def getAvatarResource(self, avatar_id, mind):
        """Choose the root resource of the admin web UI for this connection.

        Decision order, as implemented below:

        1. A local connection (``mind.isLocal()``) gets ``AdminHierarchy``.
        2. A remote connection that is not secure gets ``AccessProhibited``.
        3. Otherwise the request's local address is checked against the
           configuration (the admin may not be allowed to reach the admin
           part of the web UI from the public and/or private interface).
           A passing check yields ``AdminLogin`` for an anonymous avatar and
           ``AdminHierarchy`` for an authenticated one; a failing check, or
           any exception raised while checking, yields ``AccessProhibited``.

        The prohibited resource blocks access to every part of the admin
        hierarchy; per the original author, the hierarchy performs an extra
        check of its own as well.
        """
        if mind.isLocal():
            # Local connections are always accepted.
            # NOTE(review): this path consults neither avatar_id nor
            # isSecure(), so the whole decision rests on mind.isLocal() --
            # confirm it is derived from the transport peer rather than from
            # request data a client can influence.
            return AdminHierarchy(self.master, mind)

        # Everything below handles remote connections only.
        if not mind.request.isSecure():
            # Non-SSL remote access is never allowed.
            return loginpages.AccessProhibited()

        is_anonymous = avatar_id is checkers.ANONYMOUS
        if is_anonymous:
            # No authentication has happened yet.
            _log.debug('remote connection, mind anonymous')
        else:
            # Already authenticated, but the address check still applies.
            _log.debug('remote connection, mind authenticated')

        try:
            address_ok = uihelpers.check_request_local_address_against_config(
                mind.request)
            if not address_ok:
                # The prohibited page is not pretty, but the intent is that
                # the web UI offers no way to attempt login or access when
                # it is not allowed.
                _log.debug('-> admin prohibited')
                return loginpages.AccessProhibited()

            if is_anonymous:
                _log.debug('-> admin login')
                return loginpages.AdminLogin()

            _log.debug('-> admin ok')
            return AdminHierarchy(self.master, mind)
        except:
            # Fail closed: whatever goes wrong while evaluating the policy
            # (or building the resource) ends in AccessProhibited.  The bare
            # except also traps KeyboardInterrupt/SystemExit.
            _log.exception(
                'failed in checking adminrealm access control')
            return loginpages.AccessProhibited()
Example #2
    def getAvatarResource(self, avatar_id, mind):
        """Return the resource that fronts the admin web UI for this mind.

        Web UI access control complicates the choice: the admin may not be
        allowed to use the admin part of the web UI from the public and/or
        private interface, so remote requests are checked against our local
        address (taken from ``mind.request``).

        Outcomes:
          * local connection -> ``AdminHierarchy``
          * remote, not secure -> ``AccessProhibited``
          * remote, secure, address check passes -> ``AdminLogin`` when the
            avatar is anonymous, ``AdminHierarchy`` when it is authenticated
          * address check fails or raises -> ``AccessProhibited``

        A prohibited resource shuts off the whole admin hierarchy; the
        original author notes that the hierarchy re-checks on its own too.
        """
        # Local connections are always accepted.
        # NOTE(review): authentication state and transport security are not
        # examined on this path; verify what mind.isLocal() is based on.
        if mind.isLocal():
            return AdminHierarchy(self.master, mind)

        # Remote connection: refuse anything that did not arrive over SSL.
        if not mind.request.isSecure():
            return loginpages.AccessProhibited()

        if avatar_id is checkers.ANONYMOUS:
            # Not authenticated yet: a permitted request gets the login page.
            _log.debug('remote connection, mind anonymous')
            granted_note = '-> admin login'

            def _grant():
                return loginpages.AdminLogin()
        else:
            # Authenticated already, yet the address policy is still applied.
            _log.debug('remote connection, mind authenticated')
            granted_note = '-> admin ok'

            def _grant():
                return AdminHierarchy(self.master, mind)

        try:
            if uihelpers.check_request_local_address_against_config(mind.request):
                _log.debug(granted_note)
                return _grant()

            # Deliberately plain page: the web UI should not offer a way to
            # attempt login or access when that is not allowed.
            _log.debug('-> admin prohibited')
            return loginpages.AccessProhibited()
        except:
            # Any error in the policy check denies access (fail closed).
            # The bare except catches every exception type, including
            # KeyboardInterrupt and SystemExit.
            _log.exception('failed in checking adminrealm access control')
            return loginpages.AccessProhibited()
Example #3
 def render_adminlogin_disabled(self, ctx, data):
     """Render the tag only when the address check rejects this request.

     Returns an empty string when the request's local address passes
     ``uihelpers.check_request_local_address_against_config``; otherwise
     returns ``ctx.tag`` unchanged.

     NOTE(review): this decides only what the page displays.  Presumably the
     tag is an "admin login disabled" notice (going by the method name);
     confirm that access itself is enforced where resources are handed out.
     """
     request = inevow.IRequest(ctx)
     address_ok = uihelpers.check_request_local_address_against_config(request)
     return '' if address_ok else ctx.tag