perm middleware

9 years ago · ef07207fde
parent a3ec1a12a4
commit ef07207fde
2 changed files with 16 additions and 1 deletions
--- a/access/middleware.py
+++ b/access/middleware.py
@ -0,0 +1,14 @@
+from django.http import HttpResponseForbidden
+
+
+class CheckPerm(object):
+
+    @staticmethod
+    def process_request(request):
+        if '/admin' in request.path or '/management' in request.path or '/analytics' in request.path:
+            if not request.user.is_authenticated():
+                return HttpResponseForbidden()
+
+            if not (request.user.in_role == "M" or request.user.in_role == "S" or request.user.in_role == "A" or request.user.is_admin):
+                return HttpResponseForbidden()
+
--- a/lms/settings.py
+++ b/lms/settings.py
@ -103,6 +103,7 @@ MIDDLEWARE_CLASSES = [
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'access.middleware.CheckPerm',
 ]

 ROOT_URLCONF = 'lms.urls'
@ -136,7 +137,7 @@ DATABASES = {
        'NAME': os.environ.get('DB_NAME', 'codemy'),
        'USER': os.environ.get('PG_ENV_POSTGRES_USER', 'team'),
        'PASSWORD': os.environ.get('PG_ENV_POSTGRES_PASSWORD', 'nu5Xefise'),
-        'HOST': os.environ.get('PG_PORT_5432_TCP_ADDR', '192.168.0.6'),
+        'HOST': os.environ.get('PG_PORT_5432_TCP_ADDR', '127.0.0.1'),
        'PORT': os.environ.get('PG_PORT_5432_TCP_PORT', '5432'),
    },
 }