diff --git a/server/src/uds/REST/handlers.py b/server/src/uds/REST/handlers.py index 1a2462841..482cfaccd 100644 --- a/server/src/uds/REST/handlers.py +++ b/server/src/uds/REST/handlers.py @@ -125,15 +125,14 @@ class Handler: if self._auth_token is None: raise AccessDenied() - self._user = self.get_user() - if not self._user.can_access(self.min_access_role): - raise AccessDenied() - try: self._user = self.get_user() except Exception as e: # Maybe the user was deleted, so access is denied raise AccessDenied() from e + + if not self._user.can_access(self.min_access_role): + raise AccessDenied() else: self._user = User() # Empty user for non authenticated handlers self._user.state = types.states.State.ACTIVE # Ensure it's active @@ -219,8 +218,6 @@ class Handler: password: str, locale: str, platform: str, - is_admin: bool, - staff_member: bool, scrambler: str, ) -> None: """ @@ -232,11 +229,8 @@ class Handler: :param is_admin: If user is considered admin or not :param staff_member: If is considered as staff member """ - if is_admin: - staff_member = True # Make admins also staff members :-) - # crypt password and convert to base64 - passwd = codecs.encode(CryptoManager().symmetric_encrypt(password, scrambler), 'base64').decode() + passwd = codecs.encode(CryptoManager.manager().symmetric_encrypt(password, scrambler), 'base64').decode() session['REST'] = { 'auth': id_auth, @@ -244,8 +238,6 @@ class Handler: 'password': passwd, 'locale': locale, 'platform': platform, - 'is_admin': is_admin, - 'staff_member': staff_member, } def gen_auth_token( @@ -255,8 +247,6 @@ class Handler: password: str, locale: str, platform: str, - is_admin: bool, - staf_member: bool, scrambler: str, ) -> str: """ @@ -276,8 +266,6 @@ class Handler: password, locale, platform, - is_admin, - staf_member, scrambler, ) session.save() diff --git a/server/src/uds/REST/methods/login_logout.py b/server/src/uds/REST/methods/login_logout.py index 058a6d637..802e7b47d 100644 
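Review bot: The `except Exception as e` around `self.get_user()` in the `@@ -125` hunk turns every failure into `AccessDenied`, not only the deleted-user case the comment names. A database or session-store fault would then look like a run of authentication failures, with nothing recorded to tell the two apart. Failing closed is the right behaviour; I would keep it and record the cause before re-raising, e.g. `logger.warning('REST user lookup failed: %s', e)` if this module has a logger, or narrow the clause to the exception `get_user()` raises for a missing user. The enclosing method starts and ends outside the hunk, so what `get_user()` can raise is not visible here.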
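Review bot: The docstring kept as context in the `@@ -232` hunk still lists `:param is_admin:` and `:param staff_member:`, which the signature no longer accepts after the removal in the `@@ -219` hunk; those two lines should be deleted. The docstring of `gen_auth_token` is not visible in its hunks and may need the same cleanup. I would also add one sentence stating that role flags are deliberately kept out of `session['REST']` and that authorization goes through `can_access()` on the user returned by `get_user()`, so a cached privilege flag is not reintroduced later. Sessions written before this change may still carry the two old keys, so any reader of them outside this diff should be removed rather than trusted.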
--- a/server/src/uds/REST/methods/login_logout.py +++ b/server/src/uds/REST/methods/login_logout.py @@ -156,7 +156,7 @@ class Login(Handler): if GlobalConfig.SUPER_USER_LOGIN.get(True) == username and CryptoManager.manager().check_hash( password, GlobalConfig.SUPER_USER_PASS.get(True) ): - self.gen_auth_token(-1, username, password, locale, platform, True, True, scrambler) + self.gen_auth_token(-1, username, password, locale, platform, scrambler) return Login.result(result='ok', token=self.get_auth_token()) return Login.result(error='Invalid credentials') @@ -188,8 +188,6 @@ class Login(Handler): password, locale, platform, - auth_result.user.is_admin, - auth_result.user.staff_member, scrambler, ), scrambler=scrambler, diff --git a/server/src/uds/REST/model/model.py b/server/src/uds/REST/model/model.py index 911380136..40607f53d 100644 --- a/server/src/uds/REST/model/model.py +++ b/server/src/uds/REST/model/model.py 
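Review bot: The super-user branch in the `@@ -156` hunk used to pass `True, True` to `gen_auth_token`, and with those arguments gone nothing here shows where the admin role for auth id `-1` now comes from. `Handler` now authorizes through `self._user.can_access(self.min_access_role)` on the object returned by `get_user()`, so that method has to map a `-1` session to an admin-capable user. It is not part of this diff; please confirm it does, and add a test asserting that the super user reaches an admin-only handler while an ordinary user is denied. A short comment on the call, such as `# role is resolved by get_user() from the auth id, not stored in the session`, would make the dependency explicit. The method body starts and ends outside the hunk.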
@@ -327,32 +327,32 @@ class ModelHandler(BaseModelHandler): return operation() - match self._args[0]: - case consts.rest.OVERVIEW: - if number_of_args == 1: - return list(self.get_items()) + match self._args: + case [consts.rest.OVERVIEW]: + return list(self.get_items()) + case [consts.rest.OVERVIEW, *_fails]: raise self.invalid_request_response() - case consts.rest.TABLEINFO: - if number_of_args != 1: - raise self.invalid_request_response() + case [consts.rest.TABLEINFO]: return self.process_table_fields( self.table_title, self.table_fields, self.table_row_style, self.table_subtitle, ) - case consts.rest.TYPES: - if number_of_args == 1: - return list(self.get_types()) - if number_of_args != 2: - raise self.invalid_request_response() - return self.get_type(self._args[1]) - case consts.rest.GUI: - if number_of_args == 1: - return self.get_gui('') - if number_of_args != 2: - raise self.invalid_request_response() - return sorted(self.get_gui(self._args[1]), key=lambda f: f['gui']['order']) + case [consts.rest.TABLEINFO, *_fails]: + raise self.invalid_request_response() + case [consts.rest.TYPES]: + return list(self.get_types()) + case [consts.rest.TYPES, type_]: + return self.get_type(type_) + case [consts.rest.TYPES, type_, *_fails]: + raise self.invalid_request_response() + case [consts.rest.GUI]: + return self.get_gui('') + case [consts.rest.GUI, type_]: + return sorted(self.get_gui(type_), key=lambda f: f['gui']['order']) + case [consts.rest.GUI, type_, *_fails]: + raise self.invalid_request_response() case _: # Maybe an item or a detail if number_of_args == 1: try: diff --git a/server/src/uds/core/auths/auth.py b/server/src/uds/core/auths/auth.py index ec64624c7..0a18a35c9 100644 --- a/server/src/uds/core/auths/auth.py +++ b/server/src/uds/core/auths/auth.py @@ -425,8 +425,6 @@ def weblogin( password, get_language() or '', request.os.os.name, - user.is_admin, - user.staff_member, cookie, ) return True 
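Review bot: The reject arms in the `model.py` hunk, such as `case [consts.rest.TYPES, type_, *_fails]:`, are only correct because the exact-length arm sits above them. A star pattern also matches zero extra items, so reordering the arms would reject valid requests. They also bind `type_` and `_fails` without using them. I would collapse the four reject arms into one placed after all accepting arms, `case [consts.rest.OVERVIEW | consts.rest.TABLEINFO | consts.rest.TYPES | consts.rest.GUI, *_]:` followed by `raise self.invalid_request_response()`, with a comment that it must stay below them. The `match` continues past the end of the hunk at `case _:`, and an empty `self._args` would now reach that arm instead of failing on `self._args[0]`, so it is worth checking that the default arm handles it.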
diff --git a/server/src/uds/core/consts/__init__.py b/server/src/uds/core/consts/__init__.py index 4fa8ed771..d74e8dd86 100644 --- a/server/src/uds/core/consts/__init__.py +++ b/server/src/uds/core/consts/__init__.py @@ -84,8 +84,6 @@ class UserRole(enum.StrEnum): ADMIN = 'admin' STAFF = 'staff' - - # Currently not used, but reserved USER = 'user' ANONYMOUS = 'anonymous'