Commit 477e035f by Torkel Ödegaard

Fixed anonymous access mode, Closes #1586

parent f3d4d278
......@@ -75,7 +75,7 @@ auto_assign_org_role = Viewer
; enable anonymous access
enabled = false
; specify organization name that should be used for unauthenticated users
org_name = main
org_name = Main org.
; specify role for unauthenticated users
org_role = Viewer
......
......@@ -47,15 +47,11 @@ func NewReverseProxy(ds *m.DataSource, proxyPath string) *httputil.ReverseProxy
// TODO: need to cache datasources
func ProxyDataSourceRequest(c *middleware.Context) {
id := c.ParamsInt64(":id")
query := m.GetDataSourceByIdQuery{Id: id, OrgId: c.OrgId}
query := m.GetDataSourceByIdQuery{
Id: id,
OrgId: c.OrgId,
}
err := bus.Dispatch(&query)
if err != nil {
if err := bus.Dispatch(&query); err != nil {
c.JsonApiErr(500, "Unable to load datasource meta data", err)
return
}
proxyPath := c.Params("*")
......
......@@ -16,7 +16,7 @@ import (
func getFrontendSettingsMap(c *middleware.Context) (map[string]interface{}, error) {
orgDataSources := make([]*m.DataSource, 0)
if c.IsSignedIn {
if c.OrgId != 0 {
query := m.GetDataSourcesQuery{OrgId: c.OrgId}
err := bus.Dispatch(&query)
......
......@@ -23,7 +23,7 @@ func getRequestUserId(c *Context) int64 {
}
// TODO: figure out a way to secure this
if c.Query("render") == "1" {
if c.Req.URL.Query().Get("render") == "1" {
userId := c.QueryInt64(SESS_KEY_USERID)
c.Session.Set(SESS_KEY_USERID, userId)
return userId
......@@ -75,7 +75,7 @@ func Auth(options *AuthOptions) macaron.Handler {
return
}
if !c.IsSignedIn && options.ReqSignedIn && !c.HasAnonymousAccess {
if !c.IsSignedIn && options.ReqSignedIn && !c.AllowAnonymous {
c.SetCookie("redirect_to", url.QueryEscape(setting.AppSubUrl+c.Req.RequestURI), 0, setting.AppSubUrl+"/")
authDenied(c)
return
......
package middleware
import (
"encoding/json"
"strconv"
"strings"
......@@ -21,18 +20,18 @@ type Context struct {
Session session.Store
IsSignedIn bool
HasAnonymousAccess bool
IsSignedIn bool
AllowAnonymous bool
}
func GetContextHandler() macaron.Handler {
return func(c *macaron.Context, sess session.Store) {
ctx := &Context{
Context: c,
Session: sess,
SignedInUser: &m.SignedInUser{},
IsSignedIn: false,
HasAnonymousAccess: false,
Context: c,
Session: sess,
SignedInUser: &m.SignedInUser{},
IsSignedIn: false,
AllowAnonymous: false,
}
// try get account id from request
......@@ -76,12 +75,10 @@ func GetContextHandler() macaron.Handler {
} else if setting.AnonymousEnabled {
orgQuery := m.GetOrgByNameQuery{Name: setting.AnonymousOrgName}
if err := bus.Dispatch(&orgQuery); err != nil {
if err == m.ErrOrgNotFound {
log.Error(3, "Anonymous access organization name does not exist", nil)
}
log.Error(3, "Anonymous access organization error", nil)
} else {
ctx.IsSignedIn = false
ctx.HasAnonymousAccess = true
ctx.AllowAnonymous = true
ctx.SignedInUser = &m.SignedInUser{}
ctx.OrgRole = m.RoleType(setting.AnonymousOrgRole)
ctx.OrgId = orgQuery.Result.Id
......@@ -141,9 +138,3 @@ func (ctx *Context) JsonApiErr(status int, message string, err error) {
ctx.JSON(status, resp)
}
func (ctx *Context) JsonBody(model interface{}) bool {
b, _ := ctx.Req.Body().Bytes()
err := json.Unmarshal(b, &model)
return err == nil
}
......@@ -28,7 +28,7 @@
<ul class="sidemenu sidemenu-small" style="margin-top:50px" ng-if="!systemSection">
<li>
<li ng-if="contextSrv.user.isSignedIn">
<a href="profile" class="sidemenu-item">
<img ng-src="{{contextSrv.user.gravatarUrl}}">
<span class="sidemenu-item-text">{{contextSrv.user.name}}</span>
......@@ -61,12 +61,19 @@
</a>
</li>
<li>
<li ng-if="contextSrv.isSignedIn">
<a href="logout" class="sidemenu-item" target="_self">
<span class="icon-circle sidemenu-icon"><i class="fa fa-fw fa-sign-out"></i></span>
<span class="sidemenu-item-text">Sign out</span>
</a>
</li>
<li ng-if="!contextSrv.isSignedIn">
<a href="login" class="sidemenu-item" target="_self">
<span class="icon-circle sidemenu-icon"><i class="fa fa-fw fa-sign-in"></i></span>
<span class="sidemenu-item-text">Sign in</span>
</a>
</li>
</ul>
<ul class="sidemenu sidemenu-small" style="margin-top:50px" ng-if="systemSection">
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment