From 8920ffac6623d8b4c22e674967c21cc786ed884e Mon Sep 17 00:00:00 2001 From: Oskar Hahn Date: Sat, 10 Jun 2017 09:25:27 +0200 Subject: [PATCH] Block anonymous from websocket, if they are deactivated --- openslides/utils/autoupdate.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openslides/utils/autoupdate.py b/openslides/utils/autoupdate.py index ea5cb5131..35c4c1bea 100644 --- a/openslides/utils/autoupdate.py +++ b/openslides/utils/autoupdate.py @@ -11,7 +11,7 @@ from django.db import transaction from ..core.config import config from ..core.models import Projector -from .auth import has_perm, user_to_collection_user +from .auth import anonymous_is_enabled, has_perm, user_to_collection_user from .cache import startup_cache, websocket_user_cache from .collection import Collection, CollectionElement, CollectionElementList @@ -72,6 +72,10 @@ def ws_add_site(message): Send all "startup-data" through the connection. """ + if not anonymous_is_enabled() and not message.user.id: + send_or_wait(message.reply_channel.send, {'accept': False}) + return + Group('site').add(message.reply_channel) message.channel_session['user_id'] = message.user.id # Saves the reply channel to the user. Uses 0 for anonymous users.