]> git.ipfire.org Git - ipfire.org.git/commitdiff
projects / ipfire.org.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8e66136)
analytics: Restrict access to admins only
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 8 Jan 2024 17:49:17 +0000 (17:49 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 8 Jan 2024 17:49:17 +0000 (17:49 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/web/analytics.py patch | blob | blame | history

diff --git a/src/web/analytics.py b/src/web/analytics.py
index 8eafe488235343657a0aa287b756963bd1c0ee75..83a7d96103c7a6ef0c0f41ec79dab3aba84d6f1a 100644 (file)
--- a/src/web/analytics.py
+++ b/src/web/analytics.py
@@ -9,12 +9,20 @@ from . import ui_modules
 class IndexHandler(base.BaseHandler):
        @tornado.web.authenticated
        def get(self):
+               # Check access permissions
+               if not self.current_user.is_admin():
+                       raise tornado.web.HTTPError(403)
+
                self.render("analytics/index.html")
 
 
 class DocsHandler(base.BaseHandler):
        @tornado.web.authenticated
        def get(self):
+               # Check access permissions
+               if not self.current_user.is_admin():
+                       raise tornado.web.HTTPError(403)
+
                # Most Popular Pages
                popular_pages = self.backend.analytics.get_most_popular_docs_pages(
                        self.request.host, since=datetime.timedelta(hours=24 * 365), limit=50)
The website of ipfire.org.