implement level permissions in tileserver/cachepackage

2024-12-19 00:51:48 +01:00 · 2024-12-19 00:51:48 +01:00 · 6167c92e98
commit 6167c92e98
parent 9d77707cc5
4 changed files with 37 additions and 9 deletions
--- a/src/c3nav/tileserver/wsgi.py
+++ b/src/c3nav/tileserver/wsgi.py
@ -285,10 +285,15 @@ class TileServer:
            cookie = self.cookie_regex.search(cookie)
            if cookie:
                cookie = cookie.group(2)
-                access_permissions = (parse_tile_access_cookie(cookie, self.tile_secret) &
-                                      set(level_data.restrictions[minx:maxx, miny:maxy]))
+                access_permissions = (
+                    parse_tile_access_cookie(cookie, self.tile_secret) &
+                    (set(level_data.restrictions[minx:maxx, miny:maxy]) | level_data.global_restrictions)
+                )
                access_cache_key = build_access_cache_key(access_permissions)

+        if not all((r in access_permissions) for r in level_data.global_restrictions):
+            return self.not_found(start_response, b'invalid level or theme.')
+
        # check browser cache
        if_none_match = env.get('HTTP_IF_NONE_MATCH')
        tile_etag = build_tile_etag(level, zoom, x, y, theme_id, base_cache_key, access_cache_key, self.tile_secret)