adminmpmcz/patchcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Secu: verif permissions can_view/can_edit sur endpoints HTMX detail/edit

Browse Source
This commit is contained in:
Pierre & Lumière 2026-04-17 23:15:04 +00:00
parent 89f069ddcc
commit 9097872e57
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/routers/audit.py
View File

@ -117,6 +117,9 @@ async def audit_detail(request: Request, audit_id: int, db=Depends(get_db)):
user = get_current_user(request)
if not user:
return HTMLResponse("<p>Non autorisé</p>")
from ..dependencies import get_user_perms, can_view
if not can_view(get_user_perms(db, user), "audit"):
return HTMLResponse("<p>Non autorisé</p>")
entry = db.execute(text("SELECT * FROM server_audit WHERE id = :id"),
{"id": audit_id}).fetchone()
if not entry:

6
app/routers/servers.py
View File

@ -98,6 +98,9 @@ async def server_detail(request: Request, server_id: int, db=Depends(get_db)):
user = get_current_user(request)
if not user:
return HTMLResponse("<p>Non autorise</p>")
from ..dependencies import get_user_perms, can_view
if not can_view(get_user_perms(db, user), "servers"):
return HTMLResponse("<p>Non autorise</p>")
s = get_server_full(db, server_id)
if not s:
return HTMLResponse("<p>Serveur non trouve</p>")
@ -115,6 +118,9 @@ async def server_edit(request: Request, server_id: int, db=Depends(get_db)):
user = get_current_user(request)
if not user:
return HTMLResponse("<p>Non autorise</p>")
from ..dependencies import get_user_perms, can_edit
if not can_edit(get_user_perms(db, user), "servers"):
return HTMLResponse("<p>Non autorise</p>")
s = get_server_full(db, server_id)
if not s:
return HTMLResponse("<p>Serveur non trouve</p>")