Return 403 if the user logged in is now an org and handle it on the client
parent
743e95c50e
commit
07b9128ab6
2 changed files with 13 additions and 4 deletions
|
@ -40,6 +40,10 @@ def api_login_required(f):
|
|||
def decorated_view(*args, **kwargs):
|
||||
if not current_user.is_authenticated():
|
||||
abort(401)
|
||||
|
||||
if current_user.db_user().organization:
|
||||
abort(403)
|
||||
|
||||
return f(*args, **kwargs)
|
||||
return decorated_view
|
||||
|
||||
|
@ -78,7 +82,7 @@ def get_logged_in_user():
|
|||
'can_create_repo': admin_org.can() or CreateRepositoryPermission(o.username).can()
|
||||
}
|
||||
|
||||
if current_user.is_anonymous():
|
||||
if current_user.is_anonymous() or current_user.db_user().organization:
|
||||
return jsonify({'anonymous': True})
|
||||
|
||||
user = current_user.db_user()
|
||||
|
@ -223,9 +227,7 @@ def conduct_signin(username, password):
|
|||
@api_login_required
|
||||
def logout():
|
||||
logout_user()
|
||||
|
||||
identity_changed.send(app, identity=AnonymousIdentity())
|
||||
|
||||
return make_response('Success', 200)
|
||||
|
||||
|
||||
|
|
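Review bot: The new `abort(403)` in `decorated_view` rejects the request but leaves the converted account's session intact, so ending that session depends entirely on the client reacting to the 403. Any view not wrapped by `api_login_required` would presumably still see an authenticated `current_user`; consider ending the session server-side before aborting, with `logout_user()` followed by `identity_changed.send(app, identity=AnonymousIdentity())`, both of which this file already uses in `logout`. Separately, `current_user.db_user().organization` here and in `get_logged_in_user` assumes `db_user()` never returns `None`; if it can (not visible here), the request fails with an unhandled error instead of a 401, so a guard such as `user = current_user.db_user()` then `if user is None: abort(401)` would be safer. The rendered page does not show which lines of the `logout` hunk were removed, so if `logout` is still behind `@api_login_required`, confirm that these users can still reach it.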