discourse/lib/admin_constraint.rb
Guo Xiang Tan 651b50b1a1 FIX: Don't rate limit admin and staff constraints when matching routes.
* When an error is raised when checking route constraints, we
  can only return true/false which either lets the request
  through or returns a 404 error. Therefore, we just skip
  rate limiting here and let the controller handle the
  rate limiting.
2018-09-04 13:52:58 +08:00

27 lines
655 B
Ruby

require_dependency 'current_user'

class AdminConstraint

  def initialize(options = {})
    @require_master = options[:require_master]
  end

  def matches?(request)
    # With :require_master set, only match on the "default" multisite database.
    return false if @require_master && RailsMultisite::ConnectionManagement.current_db != "default"
    # Rate limiting is skipped while matching routes; the controller handles it.
    provider = Discourse.current_user_provider.new(request.env, rate_limit: false)
    provider.current_user &&
      provider.current_user.admin? &&
      custom_admin_check(request)
  rescue Discourse::InvalidAccess
    # An invalid session means no match, so the route is treated as not found.
    false
  end

  # Extensibility point: plugins can overwrite this to add additional checks
  # if they require.
  def custom_admin_check(request)
    true
  end

end
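
A simplified model of the trade-off the commit message describes, added here as an illustration and not taken from Discourse: a constraint can only answer true or false, so a rate-limit error raised during route matching collapses into a 404, while deferring the check to the controller lets it answer with a 429. `RateLimited`, `DemoProvider`, `DemoAdminConstraint`, `dispatch` and the request hash are all hypothetical stand-ins.

```ruby
# Constructed stand-ins; none of these are Discourse or Rails classes.
class RateLimited < StandardError; end

# Hypothetical user provider: with rate_limit: true it raises once the
# request budget is spent, as a rate-limiting provider would.
class DemoProvider
  def initialize(env, rate_limit: true)
    @env = env
    @rate_limit = rate_limit
  end

  def current_user
    raise RateLimited if @rate_limit && @env[:requests_this_minute] > @env[:limit]
    @env[:user]
  end
end

# A route constraint can only answer true or false, so an error raised
# while matching has to be folded into "no match".
class DemoAdminConstraint
  def initialize(rate_limit:)
    @rate_limit = rate_limit
  end

  def matches?(env)
    user = DemoProvider.new(env, rate_limit: @rate_limit).current_user
    !!(user && user[:admin])
  rescue RateLimited
    false
  end
end

# Toy dispatcher: unmatched route => 404; the controller performs its own
# rate-limit check and can answer with a proper 429.
def dispatch(env, constraint)
  return 404 unless constraint.matches?(env)
  DemoProvider.new(env, rate_limit: true).current_user
  200
rescue RateLimited
  429
end

# Constructed request: a genuine admin who is over the limit.
BUSY_ADMIN = { user: { admin: true }, requests_this_minute: 61, limit: 60 }.freeze
```

With rate limiting inside the constraint, the over-limit admin sees the admin route as missing; with it deferred, the same request gets a status that says what actually happened.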