Fix in BC with User URL match list

dev-linux
Ivan Maslov 4 years ago
parent 8487d6e485
commit f72b20a490

@ -146,7 +146,8 @@ def UserAccessCheckBefore(inMethod, inRequest):
########################################
#Check general before rule (without User domain)
#Check rules
for lAccessRuleItem in gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", []):
inRuleMatchURLList = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleMethodMatchURLBeforeList", [])
for lAccessRuleItem in inRuleMatchURLList:
#Go next execution if flag is false
if not lResult:
#Check if Method is identical
@ -178,7 +179,9 @@ def UserAccessCheckBefore(inMethod, inRequest):
#Check access by User Domain
#Check rules to find first appicable
#Check rules
for lAccessRuleItem in gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", []):
lMethodMatchURLList = gSettingsDict.get("ServerDict", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lUserDict["Domain"].upper(), lUserDict["User"].upper()), {}).get("MethodMatchURLBeforeList", [])
if len(lMethodMatchURLList) > 0:
for lAccessRuleItem in lMethodMatchURLList:
#Go next execution if flag is false
if not lResult:
#Check if Method is identical
@ -203,6 +206,8 @@ def UserAccessCheckBefore(inMethod, inRequest):
elif lAccessRuleItem["MatchType"].upper() == "EQUALCASE":
if lAccessRuleItem["URL"] == inRequest.path:
lResult = HelpGetFlag(lAccessRuleItem, inRequest, gSettingsDict, lUserDict)
else:
return True
#####################################
#####################################
#Return lResult

@ -171,23 +171,12 @@ def UACKeyListCheck(inRequest, inRoleKeyList):
# Update user access
def UACUpdate(inGSettings, inADLoginStr, inADStr="", inADIsDefaultBool=True, inURLList=[], inRoleHierarchyAllowedDict={}):
lUserTurple = (inADStr.upper(),inADLoginStr.upper()) # Create turple key for inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"]
if inURLList==[] and lUserTurple not in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"]: # Backward compatibility if user is not exist
inURLList=[
{
"Method": "GET",
"MatchType": "Beginwith",
"URL": "/",
# "FlagAccessDefRequestGlobalAuthenticate": TestDef
"FlagAccess": True
},
{
"Method": "POST",
"MatchType": "Beginwith",
"URL": "/",
# "FlagAccessDefRequestGlobalAuthenticate": TestDef
"FlagAccess": True
}
]
if inURLList is None: inURLList = [] # Check if None
# Get the old URLList
try:
inURLList += inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["MethodMatchURLBeforeList"]
except:
pass
# Check RoleHierarchyAllowedDict in gSettings for the old role hierarchy - include in result.
if lUserTurple in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"] and "RoleHierarchyAllowedDict" in inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]:
lRoleHierarchyAllowedOLDDict = inGSettings["ServerDict"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["RoleHierarchyAllowedDict"]

Loading…
Cancel
Save