Allow admins to print teachers passwords, right parameter in lmn_chec…

…kPermission. Please test it before packaging: on my own server, teachers cannot see other teachers passwords.
linuxmuster · Jun 29, 2019 · e262752 · e262752 · PLanB2008 · Jul 1, 2019
1 parent 8832932
commit e262752
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/usr/lib/linuxmuster-webui/plugins/lmn_common/api.py b/usr/lib/linuxmuster-webui/plugins/lmn_common/api.py
@@ -201,10 +201,10 @@ def lmn_getSophomorixValue(sophomorixCommand, jsonpath, ignoreErrors=False):
 
 # check if the current user has a specific permissions
 def lmn_checkPermission(permission):
+    ## Permission needs to be a dict like {'id': 'lm:users:teachers:read', 'default': False}
     username = aj.worker.context.identity
     try:
-        AuthenticationService.get(aj.worker.context).get_provider().authorize(username, permission)
-        return True
+        return AuthenticationService.get(aj.worker.context).get_provider().authorize(username, permission)
     except:
         return False
 

diff --git a/usr/lib/linuxmuster-webui/plugins/lmn_users/views.py b/usr/lib/linuxmuster-webui/plugins/lmn_users/views.py
@@ -542,7 +542,7 @@ def handle_api_users_print(self, http_context):
                     classes = []
                 else:
                     classes = classes_raw['LIST_BY_sophomorixSchoolname_sophomorixAdminClass'][school]
-                    if lmn_checkPermission('lm:users:teachers:read'):
+                    if lmn_checkPermission({'id': 'lm:users:teachers:read', 'default': False}):
                         # append empty element. This references to all users
                         classes.append('')
                     else: