Ajout d'un groupe `nologin` (corrige #22)
Les comptes GLaDOS et PlanèteCasio sont automatiquement ajoutés au groupe "No login", qui empêche l'utilisateur de se connecter, et ce même si les identifiants sont corrects.
This commit is contained in:
parent
6d43d742c8
commit
2e80a56596
GPG Key ID:
F61F10FA138E797C
|
|
@ -1,6 +1,6 @@
|
|||
-
|
||||
name: Administrateur
|
||||
css: "color: #ee0000"
|
||||
css: "color: #ee0000;"
|
||||
descr: "Vous voyez Chuck Norris ? Pareil."
|
||||
privs: access-admin-board access-assoc-board write-news
|
||||
upload-shared-files delete-shared-files
|
||||
|
|
@ -14,7 +14,7 @@
|
|||
delete_notification
|
||||
-
|
||||
name: Modérateur
|
||||
css: "color: green"
|
||||
css: "color: green;"
|
||||
descr: "Maîtres du kick, ils sont là pour faire respecter un semblant d'ordre."
|
||||
privs: access-admin-board
|
||||
edit-posts delete-posts
|
||||
|
|
@ -24,7 +24,7 @@
|
|||
unlimited-pms
|
||||
-
|
||||
name: Développeur
|
||||
css: "color: #4169e1"
|
||||
css: "color: #4169e1;"
|
||||
descr: "Les développeurs maintiennent et améliorent le code du site."
|
||||
privs: access-admin-board
|
||||
upload-shared-files delete-shared-files
|
||||
|
|
@ -34,7 +34,7 @@
|
|||
access-admin-panel
|
||||
-
|
||||
name: Rédacteur
|
||||
css: "color: blue"
|
||||
css: "color: blue;"
|
||||
descr: "Rédigent les meilleurs articles de la page d'accueil, rien que pour
|
||||
vous <3"
|
||||
privs: access-admin-board write-news
|
||||
|
|
@ -43,7 +43,7 @@
|
|||
showcase-content edit-static-content
|
||||
-
|
||||
name: Responsable communauté
|
||||
css: "color: DarkOrange"
|
||||
css: "color: DarkOrange;"
|
||||
descr: "Anime les pages Twitter et Facebook de Planète Casio et surveille
|
||||
l'évolution du monde autour de nous !"
|
||||
privs: access-admin-board write-news
|
||||
|
|
@ -52,22 +52,26 @@
|
|||
showcase-content
|
||||
-
|
||||
name: Partenaire
|
||||
css: "color: purple"
|
||||
css: "color: purple;"
|
||||
descr: "Membres de l'équipe d'administration des sites partenaires."
|
||||
privs: write-news
|
||||
upload-shared-files delete-shared-files
|
||||
scheduled-posting
|
||||
-
|
||||
name: Compte communautaire
|
||||
css: "background:#d8d8d8; border-radius:4px; color:#303030; padding:1px 2px"
|
||||
css: "background:#d8d8d8; border-radius:4px; color:#303030; padding:1px 2px;"
|
||||
descr: "Compte à usage général de l'équipe de Planète Casio."
|
||||
-
|
||||
name: Robot
|
||||
css: "color: #cf25d0"
|
||||
css: "color: #cf25d0;"
|
||||
descr: "♫ Je suis Nono, le petit robot, l'ami d'Ulysse ♫"
|
||||
privs: shoutbox-post shoutbox-kick shoutbox-ban
|
||||
-
|
||||
name: Membre de CreativeCalc
|
||||
css: "color: #222222"
|
||||
css: "color: #222222;"
|
||||
descr: "CreativeCalc est l'association qui gère Planète Casio."
|
||||
privs: access-assoc-board
|
||||
-
|
||||
name: No login
|
||||
css: "color: #888888;"
|
||||
descr: "Compte dont l'accès au site est désactivé."
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ from flask_login import login_user, logout_user, login_required, current_user
|
|||
from app import app
|
||||
from app.forms.login import LoginForm
|
||||
from app.models.users import Member
|
||||
from app.models.privs import Group
|
||||
from app.utils.render import render
|
||||
|
||||
|
||||
|
|
@ -14,16 +15,39 @@ def login():
|
|||
form = LoginForm()
|
||||
if form.validate_on_submit():
|
||||
member = Member.query.filter_by(name=form.username.data).first()
|
||||
|
||||
# Check if member can login
|
||||
if "No login" in [g.name for g in member.groups]:
|
||||
flash('Cet utilisateur ne peut pas se connecter', 'error')
|
||||
if request.referrer:
|
||||
return redirect(request.referrer)
|
||||
return redirect(url_for('index'))
|
||||
|
||||
# Check if password is ok
|
||||
if member is None or not member.check_password(form.password.data):
|
||||
flash('Pseudo ou mot de passe invalide', 'error')
|
||||
return redirect(request.referrer)
|
||||
if request.referrer:
|
||||
return redirect(request.referrer)
|
||||
return redirect(url_for('index'))
|
||||
|
||||
# Login & update time-based trophies
|
||||
login_user(member, remember=form.remember_me.data)
|
||||
member.update_trophies("on-login")
|
||||
if request.args.get('next'):
|
||||
return redirect(request.args.get('next'))
|
||||
|
||||
# Redirect safely (https://huit.re/open-redirect)
|
||||
def is_safe_url(target):
|
||||
ref_url = urlparse(request.host_url)
|
||||
test_url = urlparse(urljoin(request.host_url, target))
|
||||
return test_url.scheme in ('http', 'https') and \
|
||||
ref_url.netloc == test_url.netloc
|
||||
|
||||
next = request.args.get('next')
|
||||
if next and is_safe_url(next):
|
||||
return redirect(next)
|
||||
if request.referrer:
|
||||
return redirect(request.referrer)
|
||||
return redirect(url_for('index'))
|
||||
|
||||
return render('login.html', form=form)
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -124,13 +124,15 @@ def create_groups_and_privs():
|
|||
if g is not None:
|
||||
member.groups.append(g)
|
||||
|
||||
m = Member("PlanèteCasio", "contact@planet-casio.com", "v5-forever")
|
||||
m = Member("PlanèteCasio", "contact@planet-casio.com", "nologin")
|
||||
addgroup(m, "Compte communautaire")
|
||||
addgroup(m, "No login")
|
||||
db.session.add(m)
|
||||
|
||||
m = Member("GLaDOS", "glados@aperture.science", "v5-forever")
|
||||
m = Member("GLaDOS", "glados@aperture.science", "nologin")
|
||||
m.xp = 1338
|
||||
addgroup(m, "Robot")
|
||||
addgroup(m, "No login")
|
||||
db.session.add(m)
|
||||
db.session.commit()
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue