[fix] check users ACL on http basic auth

2017-05-12 15:42:29 +02:00 · 2017-05-12 15:42:29 +02:00 · c019f9d208
parent 442147bbbe
commit c019f9d208
1 changed files with 6 additions and 0 deletions
--- a/access.lua
+++ b/access.lua
@ -373,6 +373,12 @@ if auth_header then
    user = hlp.authenticate(user, password)
    if user then
        hlp.set_headers(user)
+
+        -- If user has no access to this URL, redirect him to the portal
+        if not hlp.has_access(user) then
+            return hlp.redirect(conf.portal_url)
+        end
+
        return hlp.pass()
    end
 end