diff options
Diffstat (limited to 'ipa-server/ipa-gui')
| -rw-r--r-- | ipa-server/ipa-gui/dev.cfg | 6 | ||||
| -rw-r--r-- | ipa-server/ipa-gui/ipa_webgui | 2 | ||||
| -rw-r--r-- | ipa-server/ipa-gui/ipa_webgui.cfg | 6 | ||||
| -rw-r--r-- | ipa-server/ipa-gui/ipagui/subcontrollers/user.py | 12 |
4 files changed, 25 insertions, 1 deletions
diff --git a/ipa-server/ipa-gui/dev.cfg b/ipa-server/ipa-gui/dev.cfg index ef5e98a6..7faceb58 100644 --- a/ipa-server/ipa-gui/dev.cfg +++ b/ipa-server/ipa-gui/dev.cfg @@ -36,6 +36,12 @@ visit.manager='proxyvisit' # for Windows users, sqlite URIs look like: # sqlobject.dburi="sqlite:///drive_letter:/path/to/file" +# TurboGears sessions. Storing in /tmp for a production system would be +# insane but should be fine for developers. +session_filter.on = True +session_filter.storage_type='File' +session_filter.storage_path='/tmp' + # SERVER # Some server parameters that you may want to tweak diff --git a/ipa-server/ipa-gui/ipa_webgui b/ipa-server/ipa-gui/ipa_webgui index c496d7cc..dfba728f 100644 --- a/ipa-server/ipa-gui/ipa_webgui +++ b/ipa-server/ipa-gui/ipa_webgui @@ -78,7 +78,7 @@ def main(): sys.stderr.write("error becoming daemon: " + str(e)) sys.exit(1) - sys.path.append("/usr/share/ipa/") + sys.path.append("/usr/share/ipa/sessions") # this must be after sys.path is changed to work correctly import pkg_resources diff --git a/ipa-server/ipa-gui/ipa_webgui.cfg b/ipa-server/ipa-gui/ipa_webgui.cfg index 838ac32d..579e48bb 100644 --- a/ipa-server/ipa-gui/ipa_webgui.cfg +++ b/ipa-server/ipa-gui/ipa_webgui.cfg @@ -48,6 +48,12 @@ server.thread_pool = 10 # unexpected parameter. False by default # tg.strict_parameters = False +# TurboGears sessions. +session_filter.on = True +session_filter.storage_type='File' +session_filter.storage_path='/var/cache/ipa/session' + + # LOGGING # Logging configuration generally follows the style of the standard # Python logging module configuration. Note that when specifying diff --git a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py index 952278a0..cc2bba47 100644 --- a/ipa-server/ipa-gui/ipagui/subcontrollers/user.py +++ b/ipa-server/ipa-gui/ipagui/subcontrollers/user.py @@ -362,6 +362,10 @@ class UserController(IPAController): ipaerror.exception_for(ipaerror.LDAP_DATABASE_ERROR)): pass + # Set the uid we're editing in the session. If it doesn't match + # later the update will not be processed + cherrypy.session['uid'] = user_dict.get('uid') + return dict(form=user_edit_form, user=user_dict, user_groups=user_groups_dicts) except ipaerror.IPAError, e: @@ -384,6 +388,14 @@ class UserController(IPAController): turbogears.flash("Edit user cancelled") raise turbogears.redirect('/user/show', uid=kw.get('uid')) + edituid = cherrypy.session.get('uid') + if not edituid or edituid != kw.get('uid'): + turbogears.flash("Something went wrong. You last viewed %s but are trying to update %s" % (kw.get('uid'), edituid)) + raise turbogears.redirect('/user/show', uid=kw.get('uid')) + + # We no longer need this + cherrypy.session['uid'] = None + # Fix incoming multi-valued fields we created for the form kw = ipahelper.fix_incoming_fields(kw, 'cn', 'cns') kw = ipahelper.fix_incoming_fields(kw, 'telephonenumber', 'telephonenumbers') |