Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add auth requirement to AJAX handlers

Browse Source
This commit is contained in:
LukasDoesDev 2021-01-18 17:02:38 +02:00
parent e3a359bbc6
commit e9dc45eeda
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/classes/web/ajax_handler.py
View File

@ -132,6 +132,7 @@ class AjaxHandler(BaseHandler):
helper.generate_tree(db_helper.get_server_data_by_id(server_id)['path'])) helper.generate_tree(db_helper.get_server_data_by_id(server_id)['path']))
self.finish() self.finish()
@tornado.web.authenticated
def post(self, page): def post(self, page):
user_data = json.loads(self.get_secure_cookie("user_data")) user_data = json.loads(self.get_secure_cookie("user_data"))
error = bleach.clean(self.get_argument('error', "WTF Error!")) error = bleach.clean(self.get_argument('error', "WTF Error!"))
@ -214,6 +215,7 @@ class AjaxHandler(BaseHandler):
# Create the directory # Create the directory
os.mkdir(dir_path) os.mkdir(dir_path)
@tornado.web.authenticated
def delete(self, page): def delete(self, page):
if page == "del_file": if page == "del_file":
file_path = self.get_body_argument('file_path', default=None, strip=True) file_path = self.get_body_argument('file_path', default=None, strip=True)
@ -270,6 +272,7 @@ class AjaxHandler(BaseHandler):
# os.rmdir(dir_path) # os.rmdir(dir_path)
shutil.rmtree(dir_path) # Removes also when there are contents shutil.rmtree(dir_path) # Removes also when there are contents
@tornado.web.authenticated
def put(self, page): def put(self, page):
if page == "save_file": if page == "save_file":
file_contents = self.get_body_argument('file_contents', default=None, strip=True) file_contents = self.get_body_argument('file_contents', default=None, strip=True)