Allow ceod/* principals for all requests (#121)
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
Allow the ceod/\* principals (which should only be used by the ceod daemons) to make requests to all API endpoints. Reviewed-on: #121
This commit is contained in:
parent
25994af312
commit
bd1da799c6
|
@ -51,7 +51,12 @@ def requires_admin_creds(f: Callable) -> Callable:
|
|||
|
||||
|
||||
def user_is_in_group(username: str, group_name: str) -> bool:
|
||||
"""Returns True if `username` is in `group_name`, False otherwise."""
|
||||
"""
|
||||
Returns True if `username` is in `group_name` (or starts with "ceod/"),
|
||||
False otherwise.
|
||||
"""
|
||||
if username.startswith("ceod/"):
|
||||
return True
|
||||
ldap_srv = component.getUtility(ILDAPService)
|
||||
group = ldap_srv.get_group(group_name)
|
||||
return username in group.members
|
||||
|
|
Loading…
Reference in New Issue