Simon/MClogger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modified: web/app.py

Browse Source
This commit is contained in:
simon
2026-04-15 11:20:54 +02:00
parent bdf83bd275
commit 6bac132a32
1 changed files with 34 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
web/app.py
View File

@@ -8,7 +8,7 @@ from datetime import datetime
from flask import Flask, abort, render_template, request, session, url_for from flask import Flask, abort, render_template, request, session, url_for
from werkzeug.middleware.proxy_fix import ProxyFix from werkzeug.middleware.proxy_fix import ProxyFix
from config import Config from config import Config
from panel_db import init_databases, get_user_groups from panel_db import init_databases, get_user_groups, get_group_member
from roles import can_manage_group from roles import can_manage_group
from limiter import limiter from limiter import limiter
@@ -80,6 +80,39 @@ def create_app() -> Flask:
if not session_token or not request_token or session_token != request_token: if not session_token or not request_token or session_token != request_token:
abort(400) abort(400)
@app.before_request
def refresh_session_role():
"""Keeps session role/permissions in sync with the DB.
Runs on every request so role changes by an admin take effect
immediately without requiring the affected user to re-login."""
user_id = session.get("user_id")
group_id = session.get("group_id")
# Only for regular panel users (not site-admin-only sessions,
# not admin-viewing-group sessions, not unauthenticated requests).
if not user_id or session.get("is_site_admin") or session.get("admin_viewing"):
return
if not group_id:
return
try:
member = get_group_member(user_id, group_id)
if not member:
# User was removed from the group — clear their group context
session.pop("group_id", None)
session.pop("group_name", None)
session.pop("role", None)
session.pop("permissions", None)
return
import json as _json
raw = member.get("permissions")
perms = (
raw if isinstance(raw, dict)
else (_json.loads(raw) if isinstance(raw, str) else {})
)
session["role"] = member["role"]
session["permissions"] = perms
except Exception:
pass # DB unavailable — keep existing session as-is
@app.after_request @app.after_request
def set_security_headers(resp): def set_security_headers(resp):
resp.headers.setdefault("X-Content-Type-Options", "nosniff") resp.headers.setdefault("X-Content-Type-Options", "nosniff")