From 500849f6ab243f143a92a07c05cdc8b943713928 Mon Sep 17 00:00:00 2001 From: Ferenc Schulcz <schulcz.ferenc@gmail.com> Date: Wed, 16 Oct 2024 14:09:10 +0200 Subject: [PATCH] Make public endpoints accessible by logged-in users --- router.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/router.py b/router.py index 4f007a2..9e91230 100644 --- a/router.py +++ b/router.py @@ -39,8 +39,8 @@ def plugin_add_endpoint(endpoint_id: str, handler, permission_name: str, method= """Add a dynamic endpoint.""" """ id: used in the url (like /something)""" """ handler: pointer to handler function""" - """ servicename: service identifier for authorization. If None, it is a public (and public-only) endpoint.""" - """ method: HTTP method this endpoint can handle. If you plan to handle multiple endpoints, call this function multiple times. (Make sure to only add a menu once.)""" + """ servicename: service identifier for authorization. If None, it is a public endpoint""" + """ method: HTTP method this endpoint can handle. If you plan to handle multiple methods with one endpoint, call this function multiple times. (Make sure to only add a menu once.)""" """ menutext: Text to appear in the menu. If None, no menu item is added.""" if permission_name == None: @@ -322,9 +322,14 @@ def service(**kwargs): return redirect(url_for('login', next=servicename)) return handler(session=session, request=request, rqtools=RequestTools()) else: + # Search for authorized endpoint or public endpoint (permission_name, handler) = get_authorized_endpoint(servicename, request.method) if handler == None: - return get_404(None) + handler = get_public_endpoint(servicename, request.method) + if handler == None: + return get_404(None) + else: + return handler(session=session, request=request, rqtools=RequestTools()) if not services.authorize_user(session['username'], permission_name): return get_403(None) return handler(session=session, request=request, rqtools=RequestTools()) -- GitLab