Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2026-03-26 05:50:05 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
6bf09d1f9d4b35377b85147ff472fb14d0b0aa34
CyberPanel/plogical/plugin_acl.py
master3395 b3ae20cba0 Add managePlugins ACL + enforce pluginHolder actions 
Ensures delegated admins with plugin management permission can access `/plugins/installed` UI and all plugin action endpoints consistently.
2026-03-25 10:12:48 +01:00

51 lines
1.6 KiB
Python
Raw Blame History

# -*- coding: utf-8 -*-
"""Shared ACL checks for CyberPanel plugin management (core + store plugins)."""
from functools import wraps
from django.http import JsonResponse
def user_can_manage_plugins(request):
"""True if session user is full admin or has managePlugins ACL."""
try:
user_id = request.session['userID']
except KeyError:
return False
try:
from plogical.acl import ACLManager
acl = ACLManager.loadedACL(user_id)
if acl.get('admin') == 1:
return True
try:
return int(acl.get('managePlugins', 0) or 0) == 1
except (TypeError, ValueError):
return False
except BaseException:
return False
def deny_plugin_manage_json_response(request):
"""401 if no session, else 403 JSON for plugin management APIs."""
try:
request.session['userID']
except KeyError:
return JsonResponse({
'success': False,
'error_message': 'Authentication required.',
'error': 'Authentication required.',
}, status=401)
return JsonResponse({
'success': False,
'error_message': 'You are not authorized to manage plugins.',
'error': 'You are not authorized to manage plugins.',
}, status=403)
def require_manage_plugins_api(view_func):
"""Decorator: JSON 401/403 if user cannot manage plugins (use after login/session check)."""
@wraps(view_func)
def _wrapped(request, *args, **kwargs):
if not user_can_manage_plugins(request):
return deny_plugin_manage_json_response(request)
return view_func(request, *args, **kwargs)
return _wrapped
Reference in New Issue View Git Blame Copy Permalink