Fix in BC with User URL match list

4 years ago · f72b20a490
parent 8487d6e485
commit f72b20a490
2 changed files with 37 additions and 43 deletions
--- a/Sources/pyOpenRPA/Orchestrator/Server.py
+++ b/Sources/pyOpenRPA/Orchestrator/Server.py
@ -146,7 +146,8 @@ def UserAccessCheckBefore(inMethod, inRequest):
    ########################################
    #Check general before rule (without User domain)
    #Check rules
-    for lAccessRuleItem in gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", []):
+    inRuleMatchURLList = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", [])
    for lAccessRuleItem in inRuleMatchURLList:
        #Go next execution if flag is false
        if not lResult:
            #Check if Method is identical
@ -178,31 +179,35 @@ def UserAccessCheckBefore(inMethod, inRequest):
        #Check access by User Domain
        #Check rules to find first appicable
        #Check rules
-        for lAccessRuleItem in gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", []):
+        lMethodMatchURLList = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", [])
-            #Go next execution if flag is false
+        if len(lMethodMatchURLList) > 0:
-            if not lResult:
+            for lAccessRuleItem in lMethodMatchURLList:
-                #Check if Method is identical
+                #Go next execution if flag is false
-                if lAccessRuleItem["Method"].upper() == inMethod:
+                if not lResult:
-                    #check Match type variant: BeginWith
+                    #Check if Method is identical
-                    if lAccessRuleItem["MatchType"].upper() == "BEGINWITH":
+                    if lAccessRuleItem["Method"].upper() == inMethod:
-                        lURLPath = inRequest.path
+                        #check Match type variant: BeginWith
-                        lURLPath = lURLPath.upper()
+                        if lAccessRuleItem["MatchType"].upper() == "BEGINWITH":
-                        if lURLPath.startswith(lAccessRuleItem["URL"].upper()):
+                            lURLPath = inRequest.path
-                            lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
+                            lURLPath = lURLPath.upper()
-                    #check Match type variant: Contains
+                            if lURLPath.startswith(lAccessRuleItem["URL"].upper()):
-                    elif lAccessRuleItem["MatchType"].upper() == "CONTAINS":
+                                lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
-                        lURLPath = inRequest.path
+                        #check Match type variant: Contains
-                        lURLPath = lURLPath.upper()
+                        elif lAccessRuleItem["MatchType"].upper() == "CONTAINS":
-                        if lURLPath.contains(lAccessRuleItem["URL"].upper()):
+                            lURLPath = inRequest.path
-                            lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
+                            lURLPath = lURLPath.upper()
-                    # check Match type variant: Equal
+                            if lURLPath.contains(lAccessRuleItem["URL"].upper()):
-                    elif lAccessRuleItem["MatchType"].upper() == "EQUAL":
+                                lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
-                        if lAccessRuleItem["URL"].upper() == inRequest.path.upper():
+                        # check Match type variant: Equal
-                            lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
+                        elif lAccessRuleItem["MatchType"].upper() == "EQUAL":
-                    # check Match type variant: EqualCase
+                            if lAccessRuleItem["URL"].upper() == inRequest.path.upper():
-                    elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
+                                lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
-                        if lAccessRuleItem["URL"] == inRequest.path:
+                        # check Match type variant: EqualCase
-                            lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
+                        elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
                            if lAccessRuleItem["URL"] == inRequest.path:
                                lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
        else:
            return True
    #####################################
    #####################################
    #Return lResult
--- a/Sources/pyOpenRPA/Orchestrator/Orchestrator.py
+++ b/Sources/pyOpenRPA/Orchestrator/Orchestrator.py
@ -171,23 +171,12 @@ def UACKeyListCheck(inRequest, inRoleKeyList):
 # Update user access
 def UACUpdate(inGSettings, inADLoginStr, inADStr="", inADIsDefaultBool=True, inURLList=[], inRoleHierarchyAllowedDict={}):
    lUserTurple = (inADStr.upper(),inADLoginStr.upper()) # Create turple key for inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"]
-    if inURLList==[] and lUserTurple not in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"]: # Backward compatibility if user is not exist
+    if inURLList is None: inURLList = [] # Check if None
-        inURLList=[
+    # Get the old URLList
-            {
+    try:
-                "Method": "GET",
+        inURLList += inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["MethodMatchURLBeforeList"]
-                "MatchType": "Beginwith",
+    except:
-                "URL": "/",
+        pass
                # "FlagAccessDefRequestGlobalAuthenticate": TestDef
                "FlagAccess": True
            },
            {
                "Method": "POST",
                "MatchType": "Beginwith",
                "URL": "/",
                # "FlagAccessDefRequestGlobalAuthenticate": TestDef
                "FlagAccess": True
            }
        ]
    # Check RoleHierarchyAllowedDict in gSettings for the old role hierarchy - include in result.
    if lUserTurple in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"] and "RoleHierarchyAllowedDict" in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]:
        lRoleHierarchyAllowedOLDDict = inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["RoleHierarchyAllowedDict"]