|
|
@@ -251,18 +251,23 @@ def method_update():
|
|
|
|
|
|
# Checks if the user has the permissions to use the requested method
|
|
|
def auth(user_id, method, kind):
|
|
|
+ # Check if user id is in auth files
|
|
|
+ # We suppose that every authorized user is ONLY IN A FILE!
|
|
|
user_type = ""
|
|
|
for file_name in ["150","Admin","Valhalla","Nirvana"]:
|
|
|
with open(DIR + "/auth/" + file_name) as f:
|
|
|
for line in f:
|
|
|
line = line.split()[0]
|
|
|
if int(line) == user_id:
|
|
|
+ # If present, we consider only the user type
|
|
|
user_type = file_name
|
|
|
break
|
|
|
if not user_type == "":
|
|
|
break
|
|
|
else:
|
|
|
+ # If not in auth files, the user cannot do anything
|
|
|
raise AuthError()
|
|
|
+ # Now we check the user type permissions
|
|
|
auth_list = toml.load(DIR + "/auth/auth.toml")[user_type]["auth"]
|
|
|
if not method + " " + kind in auth_list:
|
|
|
raise AuthError()
|
Paolo Galli