diff --git a/powerdnsadmin/routes/dashboard.py b/powerdnsadmin/routes/dashboard.py
index 457c415..c0ffe10 100644
--- a/powerdnsadmin/routes/dashboard.py
+++ b/powerdnsadmin/routes/dashboard.py
@@ -150,6 +150,16 @@ def dashboard():
else:
current_app.logger.info('Updating domains in background...')
+ if current_user.role.name == 'User' and not Setting().get(
+ 'allow_user_create_domain') and not Setting().get('allow_user_view_history'):
+ result = current_user.is_authenticate()
+ if result['auth'] == False:
+ return render_template('errors/401.html',
+ saml_enabled=current_app.config.get('SAML_ENABLED'),
+ error='Unauthorized',
+ username= current_user.username,
+ admin_email= result['admin_email'])
+
# Stats for dashboard
domain_count = 0
history_number = 0
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 479a38b..dc3cf96 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -168,14 +168,6 @@ def login():
return redirect(url_for('index.login'))
session['user_id'] = user.id
- result = user.is_authenticate()
- if result['auth'] == False:
- signin_history(user.username, 'Google OAuth', False)
- return render_template('errors/401.html',
- saml_enabled=SAML_ENABLED,
- error='Unauthorized',
- username= user.username,
- admin_email= result['admin_email'])
login_user(user, remember=False)
session['authentication_type'] = 'OAuth'
signin_history(user.username, 'Google OAuth', True)
@@ -204,14 +196,6 @@ def login():
session['user_id'] = user.id
session['authentication_type'] = 'OAuth'
- result = user.is_authenticate()
- if result['auth'] == False:
- signin_history(user.username, 'Github OAuth', False)
- return render_template('errors/401.html',
- saml_enabled=SAML_ENABLED,
- error='Unauthorized',
- username= user.username,
- admin_email= result['admin_email'])
login_user(user, remember=False)
signin_history(user.username, 'Github OAuth', True)
return redirect(url_for('index.index'))
@@ -383,14 +367,6 @@ def login():
history.add()
current_app.logger.warning('group info: {} '.format(account_id))
- result = user.is_authenticate()
- if result['auth'] == False:
- signin_history(user.username, 'Azure OAuth', False)
- return render_template('errors/401.html',
- saml_enabled=SAML_ENABLED,
- error='Unauthorized',
- username= user.username,
- admin_email= result['admin_email'])
login_user(user, remember=False)
signin_history(user.username, 'Azure OAuth', True)
return redirect(url_for('index.index'))
@@ -434,14 +410,6 @@ def login():
session['user_id'] = user.id
session['authentication_type'] = 'OAuth'
- result = user.is_authenticate()
- if result['auth'] == False:
- signin_history(user.username, 'OIDC OAuth', False)
- return render_template('errors/401.html',
- saml_enabled=SAML_ENABLED,
- error='Unauthorized',
- username= user.username,
- admin_email= result['admin_email'])
login_user(user, remember=False)
signin_history(user.username, 'OIDC OAuth', True)
return redirect(url_for('index.index'))
@@ -522,15 +490,6 @@ def login():
user.revoke_privilege(True)
current_app.logger.warning('Procceding to revoke every privilige from ' + user.username + '.' )
- result = user.is_authenticate()
- if result['auth'] == False:
- signin_history(user.username, 'LOCAL', False)
- return render_template('errors/401.html',
- saml_enabled=SAML_ENABLED,
- error='Unauthorized',
- username= user.username,
- admin_email= result['admin_email'])
-
login_user(user, remember=remember_me)
signin_history(user.username, 'LOCAL', True)
return redirect(session.get('next', url_for('index.index')))
@@ -1056,14 +1015,6 @@ def saml_authorized():
user.plain_text_password = None
user.update_profile()
session['authentication_type'] = 'SAML'
- result = user.is_authenticate()
- if result['auth'] == False:
- signin_history(user.username, 'SAML', False)
- return render_template('errors/401.html',
- saml_enabled=SAML_ENABLED,
- error='Unauthorized',
- username= user.username,
- admin_email= result['admin_email'])
login_user(user, remember=False)
signin_history(user.username, 'SAML', True)
return redirect(url_for('index.login'))
diff --git a/powerdnsadmin/templates/errors/401.html b/powerdnsadmin/templates/errors/401.html
index ac453c4..7d52748 100644
--- a/powerdnsadmin/templates/errors/401.html
+++ b/powerdnsadmin/templates/errors/401.html
@@ -31,7 +31,7 @@
at {{ admin_email }}
{% endif %}
for more information.
-
You may return to the login page.
+
You may return to the login page.