Commit ce4ec033 authored by Kostas Papadimitriou's avatar Kostas Papadimitriou
Browse files

Helpdesk authentication view wrapper fix

- avoid AttributeError when checking for request.user attribute to be
  present
- deny access if no groups defined in user dict
parent 7cd87aeb
......@@ -22,8 +22,12 @@ def helpdesk_user_required(func, groups=['helpdesk']):
def wrapper(request, *args, **kwargs):
token = get_token_from_cookie(request, HELPDESK_AUTH_COOKIE)
get_user(request, settings.ASTAKOS_URL, fallback_token=token)
if request.user:
if hasattr(request, 'user'):
groups = request.user.get('groups', [])
if not groups:
raise PermissionDenied
for g in groups:
if not g in groups:
raise PermissionDenied
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment