Strategická: Přihlašování tokenem kdekoliv

Zejména z důvodu generování animace
This commit is contained in:
Jiří Kalvoda 2022-09-26 16:37:34 +02:00
parent 1bb59161d8
commit 26894cd256

View file

@ -59,16 +59,13 @@ def init_request():
user = None user = None
g.user = None g.user = None
g.org = False g.org = False
if path.startswith('/api/'): token = request.args.get('token')
token = request.args.get('token') if token is not None:
if token is not None: user = db.get_session().query(db.User).filter_by(token=token).first()
user = db.get_session().query(db.User).filter_by(token=token).first() if user is None:
if user is None: raise werkzeug.exceptions.Forbidden("Wrong token.")
raise werkzeug.exceptions.Forbidden("Wrong token.") if 'uid' in session:
user = db.get_session().query(db.User).filter_by(id=session['uid']).first()
else:
if 'uid' in session:
user = db.get_session().query(db.User).filter_by(id=session['uid']).first()
path = request.path path = request.path
if path.startswith('/org/'): if path.startswith('/org/'):
if not user or not user.org: if not user or not user.org: