File tree Expand file tree Collapse file tree 2 files changed +12
-7
lines changed
supertokens_python/recipe/dashboard Expand file tree Collapse file tree 2 files changed +12
-7
lines changed Original file line number Diff line number Diff line change @@ -69,19 +69,24 @@ async def should_allow_access(
6969
7070 admins = config .admins
7171
72- # If the user has provided no admins, allow
73- if len (admins ) == 0 :
72+ if admins is None :
7473 return True
7574
76- email_in_headers = request .get_header ("email" )
75+ if len (admins ) == 0 :
76+ log_debug_message (
77+ "User Dashboard: Throwing OPERATION_NOT_ALLOWED because user is not an admin"
78+ )
79+ raise DashboardOperationNotAllowedError ()
80+
81+ user_email = session_verification_response .get ("email" )
7782
78- if email_in_headers is None :
83+ if user_email is None or not isinstance ( user_email , str ) :
7984 log_debug_message (
8085 "User Dashboard: Returning UNAUTHORISED_ERROR because no email was provided in headers"
8186 )
8287 return False
8388
84- if email_in_headers not in admins :
89+ if user_email not in admins :
8590 log_debug_message (
8691 "User Dashboard: Throwing OPERATION_NOT_ALLOWED because user is not an admin"
8792 )
Original file line number Diff line number Diff line change @@ -183,7 +183,7 @@ class DashboardConfig:
183183 def __init__ (
184184 self ,
185185 api_key : Optional [str ],
186- admins : List [str ],
186+ admins : Optional [ List [str ] ],
187187 override : OverrideConfig ,
188188 auth_mode : str ,
189189 ):
@@ -208,7 +208,7 @@ def validate_and_normalise_user_input(
208208 "User Dashboard: Providing 'admins' has no effect when using an api key."
209209 )
210210
211- admins = [normalise_email (a ) for a in admins ] if admins is not None else []
211+ admins = [normalise_email (a ) for a in admins ] if admins is not None else None
212212
213213 return DashboardConfig (
214214 api_key ,
You can’t perform that action at this time.
0 commit comments