only allow people with access rights to login via wordpress #768
@ -13,6 +13,7 @@ INSERT INTO "role" (name) VALUES ('kassier');
|
|||||||
INSERT INTO "role" (name) VALUES ('schriftfuehrer');
|
INSERT INTO "role" (name) VALUES ('schriftfuehrer');
|
||||||
INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr');
|
INSERT INTO "role" (name) VALUES ('no-einschreibgebuehr');
|
||||||
INSERT INTO "role" (name) VALUES ('schnupper-betreuer');
|
INSERT INTO "role" (name) VALUES ('schnupper-betreuer');
|
||||||
|
INSERT INTO "role" (name) VALUES ('allow_website_login');
|
||||||
INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
|
INSERT INTO "user" (name, pw) VALUES('admin', '$argon2id$v=19$m=19456,t=2,p=1$dS/X5/sPEKTj4Rzs/CuvzQ$4P4NCw4Ukhv80/eQYTsarHhnw61JuL1KMx/L9dm82YM');
|
||||||
INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
|
INSERT INTO "user_role" (user_id, role_id) VALUES(1,1);
|
||||||
INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);
|
INSERT INTO "user_role" (user_id, role_id) VALUES(1,2);
|
||||||
|
@ -106,10 +106,18 @@ async fn steering(db: &State<SqlitePool>, user: User, flash: Option<FlashMessage
|
|||||||
|
|
||||||
#[post("/", data = "<login>")]
|
#[post("/", data = "<login>")]
|
||||||
async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String {
|
async fn wikiauth(db: &State<SqlitePool>, login: Form<LoginForm<'_>>) -> String {
|
||||||
match User::login(db, login.name, login.password).await {
|
if let Ok(user) = User::login(db, login.name, login.password).await {
|
||||||
Ok(_) => "SUCC".into(),
|
if user.has_role(db, "allow_website_login").await {
|
||||||
Err(_) => "FAIL".into(),
|
return String::from("SUCC");
|
||||||
}
|
}
|
||||||
|
if user.has_role(db, "admin").await {
|
||||||
|
return String::from("SUCC");
|
||||||
|
}
|
||||||
|
if user.has_role(db, "Vorstand").await {
|
||||||
|
return String::from("SUCC");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
"FAIL".into()
|
||||||
}
|
}
|
||||||
|
|
||||||
#[catch(401)] //Unauthorized
|
#[catch(401)] //Unauthorized
|
||||||
|
Loading…
Reference in New Issue
Block a user