From 94704eeafe6afb82289877d3be201cb2561da403 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Wed, 22 Nov 2017 14:58:21 +0100
Subject: [PATCH] chg: add USER_ROLES-way to supply user and roles

---
 motion.py | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/motion.py b/motion.py
index cef9a6b..f0318d2 100644
--- a/motion.py
+++ b/motion.py
@@ -25,12 +25,22 @@ groups=["fellowship", "board"]
 @app.before_request
 def lookup_user():
     env = request.environ
-    if "USER" not in env or "ROLES" not in env:
+    user = None
+    if "USER_ROLES" in env:
+        parts = env.get("USER_ROLES").split("/", 1)
+        user = parts[0]
+        roles = parts[1]
+
+    if "USER" in env and "ROLES" in env:
+        user = env.get("USER")
+        roles = env.get("ROLES")
+
+    if user is None:
         return "Server misconfigured", 500
-    user = env.get("USER")
-    roles = env.get("ROLES").split(" ")
-    if roles == [""]:
-        roles = []
+    roles = roles.split(" ")
+
+    if user == "<invalid>":
+        return "Access denied", 403;
 
     db = get_db()
     with db.xact():
-- 
2.39.5