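def getAvatarResource(self, avatar_id, mind):
    """Pick the root resource for the admin realm for this connection.

    This check is complicated a bit by web UI access control: the admin may
    not be allowed to reach the admin part of the web UI from the public
    and/or private interface.  The check is made against our local address,
    obtained from ``mind.request``.

    Decision order:

    1. ``mind.isLocal()`` is true: ``AdminHierarchy`` is returned at once.
    2. Remote and ``mind.request.isSecure()`` is false: ``AccessProhibited``.
    3. Remote and secure: the local-address check decides.  When it passes,
       an anonymous avatar gets ``AdminLogin`` and an authenticated one gets
       ``AdminHierarchy``; when it fails, or when anything in this step
       raises, ``AccessProhibited`` is returned.

    If access is prohibited, the resource returned from here prevents access
    to all parts of the admin hierarchy.  Nevertheless, there is an extra
    check there, too.
    """
    if mind.isLocal():
        # Local connections are always accepted.
        # NOTE(review): this shortcut skips both the TLS requirement and the
        # authentication state, so it is only as trustworthy as
        # mind.isLocal().  Confirm it is derived from the transport peer and
        # not from anything the client can influence (e.g. forwarding
        # headers behind a reverse proxy).
        return AdminHierarchy(self.master, mind)

    # Remote connection from here on.
    if not mind.request.isSecure():
        # Never serve the admin UI (or its login form) without SSL.
        return loginpages.AccessProhibited()

    anonymous = avatar_id is checkers.ANONYMOUS
    if anonymous:
        # No authentication yet.
        _log.debug('remote connection, mind anonymous')
    else:
        # Authenticated already - still check access.
        _log.debug('remote connection, mind authenticated')

    # One code path for both cases, so the address policy applied before
    # login can never drift from the one applied after login.
    try:
        if not uihelpers.check_request_local_address_against_config(
                mind.request):
            # This page is not very pretty, but the intent is for the web UI
            # not to give an option to attempt login or access when it is
            # not allowed.
            _log.debug('-> admin prohibited')
            return loginpages.AccessProhibited()

        if anonymous:
            _log.debug('-> admin login')
            return loginpages.AdminLogin()

        _log.debug('-> admin ok')
        return AdminHierarchy(self.master, mind)
    except Exception:
        # Fail closed: an error while evaluating the policy is a denial.
        # Exception rather than a bare except, so that SystemExit and
        # KeyboardInterrupt still propagate instead of being swallowed here.
        _log.exception('failed in checking adminrealm access control')
        return loginpages.AccessProhibited()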
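def getAvatarResource(self, avatar_id, mind):
    """Return the admin-realm root resource appropriate for this connection.

    The check is complicated a bit by web UI access control: the admin may
    not be allowed to access the admin part of the web UI from the public
    and/or private interface.  It is made against our local address, which
    is obtained from ``mind.request``.

    Outcomes:

    * local connection (``mind.isLocal()``): ``AdminHierarchy``;
    * remote connection that is not secure: ``AccessProhibited``;
    * remote, secure, address check passes: ``AdminLogin`` for an anonymous
      avatar, ``AdminHierarchy`` for an authenticated one;
    * remote, secure, address check fails or raises: ``AccessProhibited``.

    If access is prohibited, the resource returned from here prevents access
    to all parts of the admin hierarchy.  Nevertheless, there is an extra
    check there, too.
    """
    if mind.isLocal():
        # Local connections are always accepted, without TLS and without
        # looking at avatar_id.
        # NOTE(review): verify that mind.isLocal() cannot be satisfied by a
        # proxied or otherwise client-influenced request; everything below
        # is bypassed when it returns true.
        return AdminHierarchy(self.master, mind)

    # Remote connection: SSL is mandatory before anything else is considered.
    if not mind.request.isSecure():
        return loginpages.AccessProhibited()

    is_anonymous = avatar_id is checkers.ANONYMOUS
    if is_anonymous:
        _log.debug('remote connection, mind anonymous')
    else:
        # Being authenticated does not exempt the request from the address
        # check below.
        _log.debug('remote connection, mind authenticated')

    # The same policy check serves the pre-login and post-login cases, so
    # the two cannot diverge.
    try:
        if uihelpers.check_request_local_address_against_config(mind.request):
            if is_anonymous:
                _log.debug('-> admin login')
                return loginpages.AdminLogin()
            _log.debug('-> admin ok')
            return AdminHierarchy(self.master, mind)

        # This page is not very pretty, but the intent is for the web UI not
        # to give an option to attempt login or access when it is not
        # allowed.
        _log.debug('-> admin prohibited')
        return loginpages.AccessProhibited()
    except Exception:
        # Deny on any ordinary failure of the check (fail closed).  A bare
        # except would also trap SystemExit and KeyboardInterrupt, which
        # must be allowed to propagate.
        _log.exception('failed in checking adminrealm access control')
        return loginpages.AccessProhibited()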
def render_adminlogin_disabled(self, ctx, data):
    """Render ``ctx.tag`` only when the local-address check refuses admin access.

    Returns an empty string when
    ``uihelpers.check_request_local_address_against_config`` accepts the
    request, and the unchanged ``ctx.tag`` otherwise.  Presumably the tag is
    the "admin login disabled" notice in the template - confirm there.

    This only controls what is displayed.  An exception raised by the check
    is not caught here and propagates to the caller.
    """
    request = inevow.IRequest(ctx)
    admin_allowed = uihelpers.check_request_local_address_against_config(request)
    # Allowed: emit nothing.  Not allowed: emit the tag as it stands.
    return '' if admin_allowed else ctx.tag