chg: add USER_ROLES-way to supply user and roles

diff --git a/motion.py b/motion.py
index cef9a6bc584b03ae4cc43e4b4c1a96984f1c554e..f0318d2277c19283809791db659108a7e6cdb04f 100644 (file)
--- a/motion.py
+++ b/motion.py
@@ -25,12 +25,22 @@ groups=["fellowship", "board"]
 @app.before_request
 def lookup_user():
     env = request.environ
-    if "USER" not in env or "ROLES" not in env:
+    user = None
+    if "USER_ROLES" in env:
+        parts = env.get("USER_ROLES").split("/", 1)
+        user = parts[0]
+        roles = parts[1]
+
+    if "USER" in env and "ROLES" in env:
+        user = env.get("USER")
+        roles = env.get("ROLES")
+
+    if user is None:
         return "Server misconfigured", 500
-    user = env.get("USER")
-    roles = env.get("ROLES").split(" ")
-    if roles == [""]:
-        roles = []
+    roles = roles.split(" ")
+
+    if user == "<invalid>":
+        return "Access denied", 403;
 
     db = get_db()
     with db.xact():