def check_site_access(self):
userId = self.get_id_from_cookie() or None
siteRole = self.get_id_from_cookie(role=True, for_site=Options['site_name'])
# Check if pre-authorized for site access
if Options['site_name']:
# Check if site is explicitly authorized (user has global admin/grader role, or has explicit site listed, including guest users)
preAuthorized = siteRole is not None
else:
# Single site: check if userid is special (admin/grader/guest)
preAuthorized = Global.userRoles.is_special_user(userId)
if preAuthorized:
return
if Global.login_domain and '@' in userId:
# External user
raise tornado.web.HTTPError(403, log_message='CUSTOM:User %s not pre-authorized to access site' % userId)
# Check if userId appears in roster
if sdproxy.getSheet(sdproxy.ROSTER_SHEET):
if not sdproxy.lookupRoster('id', userId):
raise tornado.web.HTTPError(403, log_message='CUSTOM:Userid %s not found in roster' % userId)
elif sdproxy.Settings['require_roster']:
raise tornado.web.HTTPError(403, log_message='CUSTOM:No roster available for site')
评论列表
文章目录