Commit 7a8ad2f8 authored by Francesc Guasch's avatar Francesc Guasch
Browse files

wip(auth): check authorization

- if denied returns false
- if allowed continues until en or false
- if no matches returns default

issue #916
parent 420bc45e
......@@ -335,6 +335,29 @@ sub _load_allowed {
if ($ldap_entry && defined $ldap_entry->get_value($attribute)
&& $ldap_entry->get_value($attribute) eq $value ) {
$self->{_allowed}->{$id_domain} = $allowed;
$n_allowed++ if $allowed;
$n_denied++ if !$allowed;
if ( $value eq '*' ) {
$self->{_allowed}->{$id_domain} = $allowed
if !exists $self->{_allowed}->{$id_domain};
last;
} elsif ( $ldap_entry && defined $ldap_entry->get_value($attribute)
&& $ldap_entry->get_value($attribute) eq $value ) {
$self->{_allowed}->{$id_domain} = $allowed;
last if !$allowed;
}
}
$sth->finish;
next if defined $self->{_allowed}->{$id_domain};
if ($n_allowed && $n_denied) {
warn "WARNING: No default access attribute for domain $id_domain";
next;
}
if ($n_allowed && !$n_denied) {
$self->{_allowed}->{$id_domain} = 0;
} else {
$self->{_allowed}->{$id_domain} = 0;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment