Return 403 if the user logged in is now an org and handle it on the client
parent
743e95c50e
commit
07b9128ab6
2 changed files with 13 additions and 4 deletions
|
@ -40,6 +40,10 @@ def api_login_required(f):
|
|||
def decorated_view(*args, **kwargs):
|
||||
if not current_user.is_authenticated():
|
||||
abort(401)
|
||||
|
||||
if current_user.db_user().organization:
|
||||
abort(403)
|
||||
|
||||
return f(*args, **kwargs)
|
||||
return decorated_view
|
||||
|
||||
|
@ -78,7 +82,7 @@ def get_logged_in_user():
|
|||
'can_create_repo': admin_org.can() or CreateRepositoryPermission(o.username).can()
|
||||
}
|
||||
|
||||
if current_user.is_anonymous():
|
||||
if current_user.is_anonymous() or current_user.db_user().organization:
|
||||
return jsonify({'anonymous': True})
|
||||
|
||||
user = current_user.db_user()
|
||||
|
@ -223,9 +227,7 @@ def conduct_signin(username, password):
|
|||
@api_login_required
|
||||
def logout():
|
||||
logout_user()
|
||||
|
||||
identity_changed.send(app, identity=AnonymousIdentity())
|
||||
|
||||
return make_response('Success', 200)
|
||||
|
||||
|
||||
|
|
|
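Review bot: The new `abort(403)` in `decorated_view` rejects a session whose account has become an organization but leaves that session alive, and because `logout` (third hunk) is itself wrapped in `@api_login_required`, such a session can no longer reach `logout_user()` through the API either. Consider ending the session at the point of rejection, e.g. `logout_user()` followed by `identity_changed.send(app, identity=AnonymousIdentity())` before `abort(403)`, or exempting `logout` from the organization check. Any view not wrapped by this decorator would presumably still accept the stale session, so the check may belong where the user is loaded rather than in one decorator. `current_user.db_user()` is also dereferenced without a None check in both the decorator and `get_logged_in_user`; if it can return None for a removed account this turns into a 500, which is worth confirming. The decorator's opening lines are outside the hunk.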
@ -867,7 +867,14 @@ quayApp.directive('ngBlur', function() {
|
|||
};
|
||||
});
|
||||
|
||||
quayApp.run(['$location', '$rootScope', function($location, $rootScope) {
|
||||
quayApp.run(['$location', '$rootScope', 'Restangular', 'UserService', function($location, $rootScope, Restangular, UserService) {
|
||||
Restangular.setResponseInterceptor(function(data, operation, what, url, response, deferred) {
|
||||
if (response.status == 403) {
|
||||
UserService.load();
|
||||
}
|
||||
return data;
|
||||
});
|
||||
|
||||
$rootScope.$on('$routeChangeSuccess', function (event, current, previous) {
|
||||
if (current.$$route.title) {
|
||||
$rootScope.title = current.$$route.title;
|
||||
|
|
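Review bot: The `response.status == 403` check is registered with `setResponseInterceptor`, which Restangular runs on successful responses; as far as I know a 403 rejects the request and is delivered to the error interceptor instead, so `UserService.load()` may never fire here and this should be verified against the Restangular version in use. Registering the same check through `Restangular.setErrorInterceptor(function(response) { if (response.status === 403) { UserService.load(); } return true; });` would cover the rejected case. Every 403, including an ordinary permission denial, would also trigger a user reload, so a distinct error body for the converted-account case would let the client tell the two apart. The `quayApp.run` callback continues past the end of the hunk.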