wip(auth): check authorization

- if denied returns false - if allowed continues until en or false - if no matches returns default issue #916

wip(auth): check authorization
- if denied returns false - if allowed continues until en or false - if no matches returns default issue #916
7a8ad2f8 · Francesc Guasch · 420bc45e · 7a8ad2f8
Commit 7a8ad2f8 authored Nov 05, 2018 by Francesc Guasch
--- a/lib/Ravada/Auth/User.pm
+++ b/lib/Ravada/Auth/User.pm
@@ -335,6 +335,29 @@ sub _load_allowed {
        if ($ldap_entry && defined $ldap_entry->get_value($attribute)
                && $ldap_entry->get_value($attribute) eq $value ) {
            $self->{_allowed}->{$id_domain} = $allowed;
+            $n_allowed++ if $allowed;
+            $n_denied++ if !$allowed;
+
+            if ( $value eq '*' ) {
+                $self->{_allowed}->{$id_domain} = $allowed
+                    if !exists $self->{_allowed}->{$id_domain};
+                last;
+            } elsif ( $ldap_entry && defined $ldap_entry->get_value($attribute)
+                    && $ldap_entry->get_value($attribute) eq $value ) {
+
+                $self->{_allowed}->{$id_domain} = $allowed;
+
+                last if !$allowed;
+            }
+        }
+        $sth->finish;
+        next if defined $self->{_allowed}->{$id_domain};
+        if ($n_allowed && $n_denied) {
+            warn "WARNING: No default access attribute for domain $id_domain";
+            next;
+        }
+        if ($n_allowed && !$n_denied) {
+            $self->{_allowed}->{$id_domain} = 0;
        } else {
            $self->{_allowed}->{$id_domain} = 0;
        }