api: export all formdefs if url is signed without a user (#7410)
parent
fffe1c6c6a
commit
5b88e34063
10
wcs/api.py
10
wcs/api.py
|
@ -32,13 +32,13 @@ from wcs.formdef import FormDef
|
|||
from wcs.roles import Role
|
||||
|
||||
|
||||
def get_user_from_api_query_string():
|
||||
def is_url_signed():
|
||||
query_string = get_request().get_query()
|
||||
if not query_string:
|
||||
return None
|
||||
return False
|
||||
signature = get_request().form.get('signature')
|
||||
if not isinstance(signature, basestring):
|
||||
return None
|
||||
return False
|
||||
# verify signature
|
||||
orig = get_request().form.get('orig')
|
||||
if not isinstance(orig, basestring):
|
||||
|
@ -67,7 +67,11 @@ def get_user_from_api_query_string():
|
|||
if abs(delta) > datetime.timedelta(seconds=MAX_DELTA):
|
||||
raise AccessForbiddenError('timestamp delta is more '
|
||||
'than %s seconds: %s seconds' % (MAX_DELTA, delta))
|
||||
return True
|
||||
|
||||
def get_user_from_api_query_string():
|
||||
if not is_url_signed():
|
||||
return None
|
||||
# Signature is good. Now looking for the user, by email/NameID.
|
||||
# If email or NameID exist but are empty, return None
|
||||
user = None
|
||||
|
|
|
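Review bot: `is_url_signed()` has a three-way outcome that its boolean-sounding name hides: it returns False when the query string or `signature` is absent, returns True once the checks pass, and raises `AccessForbiddenError` on the timestamp check. Because the other file in this commit now uses it directly as an authorization condition, it should carry a docstring along the lines of `"""Return True if the request is validly signed, False if it is unsigned; raise AccessForbiddenError when a signature is present but is rejected."""`, adjusted to whatever failure paths sit in the part of the body not shown here. The docstring should also say that a True result authenticates the calling service rather than any user, since that distinction is what the new listing rule depends on. The middle of the function lies between the two hunks and was not reviewed.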
@ -1210,8 +1210,10 @@ class RootDirectory(AccessControlled, Directory):
|
|||
return r.getvalue()
|
||||
|
||||
def json(self):
|
||||
from wcs.api import get_user_from_api_query_string
|
||||
from wcs.api import is_url_signed, get_user_from_api_query_string
|
||||
user = get_user_from_api_query_string() or get_request().user
|
||||
list_all_forms = (user and user.is_admin) or (is_url_signed() and user is None)
|
||||
|
||||
list_forms = []
|
||||
|
||||
if self.category:
|
||||
|
@ -1227,7 +1229,7 @@ class RootDirectory(AccessControlled, Directory):
|
|||
|
||||
for formdef in formdefs:
|
||||
authentication_required = False
|
||||
if formdef.roles and not (user and user.is_admin):
|
||||
if formdef.roles and not list_all_forms:
|
||||
if not user:
|
||||
if not formdef.always_advertise:
|
||||
continue
|
||||
|
|
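Review bot: In `json()`, the condition `is_url_signed() and user is None` cannot tell a signed URL that names no user from a signed URL whose user lookup came back empty. The comment in `get_user_from_api_query_string()` says it returns None when email or NameID exist but are empty, so a signed request meant to be scoped to one user but arriving with a blank identifier would apparently be given the full listing, role-restricted formdefs included. I would grant the listing only when no identifier parameter was supplied at all, e.g. `list_all_forms = (user and user.is_admin) or (is_url_signed() and user is None and not user_identifier_given)`, where `user_identifier_given` is a placeholder for a check that neither parameter is present in the request. The same line also re-runs the signature verification already performed inside `get_user_from_api_query_string()`, so the result is better computed once and kept in a local. The method body continues outside the visible hunks.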