diff --git a/app/data/groups.yaml b/app/data/groups.yaml index 24ead16..6f5d93d 100644 --- a/app/data/groups.yaml +++ b/app/data/groups.yaml @@ -48,7 +48,6 @@ # move.posts # shoutbox.* # misc.unlimited-pms -# misc.community-login - name: Administrateur @@ -62,7 +61,7 @@ move.posts shoutbox.kick shoutbox.ban misc.unlimited-pms misc.dev-infos misc.admin-panel - misc.no-upload-limits misc.arbitrary-login misc.community-login + misc.no-upload-limits misc.arbitrary-login - name: Modérateur css: "color: green;" @@ -89,7 +88,7 @@ privs: forum.access.admin forum.post-news publish.schedule-posts publish.pin-posts publish.shared-files delete.shared-files - misc.no-upload-limits + misc.no-upload-limits misc.community-login - name: Responsable communauté css: "color: DarkOrange;" @@ -97,7 +96,7 @@ l'évolution du monde autour de nous !" privs: forum.access.admin forum.post-news publish.schedule-posts publish.pin-posts publish.shared-files - delete.shared-files + delete.shared-files misc.community-login - name: Partenaire css: "color: purple;" diff --git a/app/routes/admin/login_as.py b/app/routes/admin/login_as.py index f1d7029..208775a 100644 --- a/app/routes/admin/login_as.py +++ b/app/routes/admin/login_as.py @@ -5,7 +5,9 @@ from itsdangerous.exc import BadSignature from app import app from app.utils.render import render from app.utils.login_as import is_vandal +from app.utils.unicode_names import normalize from app.models.user import Member +from app.models.priv import Group from app.forms.login_as import LoginAsForm 
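Review bot: The two grants of `misc.community-login` added in the third and fourth hunks carry no comment saying what the privilege allows, and the first hunk removes its only other mention from the comment block near line 48. Judging by app/routes/admin/login_as.py in this same commit, it presumably lets the holder open a session as any account in the "Compte communautaire" group, which makes it an impersonation right worth documenting where it is handed out, for example `# misc.community-login: log in as members of "Compte communautaire" only`. The `name:` of the group changed by the third hunk (the one whose `privs:` list ends just before `Responsable communauté`) lies outside the hunk, so confirm it is the intended recipient.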
@@ -25,14 +27,16 @@ def adm_login_as(): # Handle form form = LoginAsForm() if form.validate_on_submit(): - user = Member.query.filter_by(name=form.username.data).first() + norm = normalize(form.username.data) + user = Member.query.filter_by(norm=norm).one() if user is None: flash("Utilisateur invalide", "error") return render('admin/login_as.html', form=form) # Apply for community login - is_community = True # TODO: check if user is community - if not is_community and not user.priv("misc.arbitrary-login"): + g = Group.query.filter_by(name="Compte communautaire").one() + is_community = g in user.groups + if not is_community and not current_user.priv("misc.arbitrary-login"): abort(403) # Create a safe token to flee when needed @@ -68,7 +72,7 @@ def adm_logout_as(): try: id = s.loads(vandal_token) except BadSignature: - flash("Vous avez vraiment agit de manière stupide.", "error") + flash("Vous avez vraiment agi de manière stupide.", "error") abort(403) user = Member.query.get(id) diff --git a/app/templates/admin/login_as.html b/app/templates/admin/login_as.html index 44881c9..0576763 100644 --- a/app/templates/admin/login_as.html +++ b/app/templates/admin/login_as.html @@ -5,7 +5,7 @@ {% endblock %} {% block content %} -
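Review bot: `Member.query.filter_by(norm=norm).one()` raises when no row matches, so the `if user is None:` branch directly below it can no longer run, and an unknown username would end in an unhandled error instead of the "Utilisateur invalide" flash; `user = Member.query.filter_by(norm=norm).one_or_none()` keeps the intended path. The same `.one()` on `Group.query.filter_by(name="Compte communautaire")` ties the authorisation decision to a group looked up by its display name, and that group is not among those visible in this commit's groups.yaml hunks, so a rename or a missing row would turn every request here into a server error. In the visible lines an account in that group passes the check without `misc.community-login` being tested on `current_user`, and the import of `current_user` is not shown either. adm_login_as starts and ends outside the hunk, so both should be confirmed on the route's decorator and import lines.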
+
{{ form.hidden_tag() }}

diff --git a/app/utils/login_as.py b/app/utils/login_as.py index 5311fcd..10336ec 100644 --- a/app/utils/login_as.py +++ b/app/utils/login_as.py @@ -5,7 +5,7 @@ from app import app def is_vandal(): - """ Return True is the current user looks like a vandal """ + """ Return True if the current user looks like a vandal """ s = Serializer(app.config["SECRET_KEY"]) vandal_token = request.cookies.get('vandale')