diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
index 42e39370d..71c5a3a84 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Reload.pm
@@ -10,7 +10,6 @@ use Lemonldap::NG::Common::Crypto;
 use Lemonldap::NG::Common::Safelib; #link protected safe Safe object
 use Lemonldap::NG::Handler::Main::Jail;
 use Scalar::Util qw(weaken);
-use Data::Dumper;
 use constant UNPROTECT => 1;
 use constant SKIP => 2;
@@ -282,10 +281,10 @@ sub locationRulesInit {
 $class->tsv->{locationProtection}->{$vhost} = [];
 $class->tsv->{locationRegexp}->{$vhost} = [];
 $class->tsv->{locationConditionText}->{$vhost} = [];
+ $class->tsv->{locationAuthnLevel}->{$vhost} = [];
 foreach my $url ( sort keys %{$rules} ) {
 my ( $cond, $prot ) = $class->conditionSub( $rules->{$url} );
- $class->logger->debug("+++ " . $cond);
 unless ($cond) {
 $class->tsv->{maintenance}->{$vhost} = 1;
 $class->logger->error(
@@ -302,15 +301,18 @@ sub locationRulesInit {
 push @{ $class->tsv->{locationCondition}->{$vhost} }, $cond;
 push @{ $class->tsv->{locationProtection}->{$vhost} }, $prot;
 push @{ $class->tsv->{locationRegexp}->{$vhost} }, qr/$url/;
+ push @{ $class->tsv->{locationAuthnLevel}->{$vhost} },
+ $url =~ /\(\?#AuthnLevel=(-?\d+)\)/
+ ? $1
+ : undef;
 push @{ $class->tsv->{locationConditionText}->{$vhost} },
 $url =~ /^\(\?#(.*?)\)/ ? $1
 : $url =~ /^(.*?)##(.+)$/ ? $2
- : $url;
+ : $url;
 $class->tsv->{locationCount}->{$vhost}++;
 }
 }
-$class->logger->debug("**** " . Data::Dumper::Dumper($class->tsv));
-
+
 # Default policy set to 'accept'
 unless ( $class->tsv->{defaultCondition}->{$vhost} ) {
 $class->tsv->{defaultCondition}->{$vhost} = sub { 1 };
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
index 5478d2325..88ba8bcb4 100644
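Review bot: In Reload.pm's third hunk, the new `locationAuthnLevel` push takes the level from a `(?#AuthnLevel=N)` comment found anywhere in the rule key and accepts a negative N, and nothing in the code documents that convention. Because `grant` (Run.pm, same commit) prefers this value over the vhost-wide `authnLevel`, a negative or mistyped level appears to relax the check for that location without any log trace. Consider warning when the captured value is outside the range the portal actually issues, and adding a comment above the push such as `# Per-location level from a "(?#AuthnLevel=N)" comment in the rule key; undef means "use the vhost level"`. The enclosing `locationRulesInit` starts and ends outside the hunk.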
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Run.pm
@@ -267,10 +267,29 @@ sub checkMaintenanceMode {
 # @return True if the user is granted to access to the current URL
 sub grant {
 my ( $class, $req, $session, $uri, $cond, $vhost ) = @_;
+ my $level;
+
 return $cond->( $req, $session ) if ($cond);
 $vhost ||= $class->resolveAlias($req);
- if ( my $level = $class->tsv->{authnLevel}->{$vhost} ) {
+ for (
+ my $i = 0 ;
+ $i < ( $class->tsv->{locationCount}->{$vhost} || 0 ) ;
+ $i++
+ )
+ {
+ if ( $uri =~ $class->tsv->{locationRegexp}->{$vhost}->[$i] ) {
+ $level = $class->tsv->{locationAuthnLevel}->{$vhost}->[$i];
+ $class->logger->debug( 'Found AuthnLevel='
+ . $level
+ . ' for "'
+ . "$vhost/$class->tsv->{locationConditionText}->{$vhost}->[$i]"
+ . '"' );
+ last;
+ }
+ }
+
+ if ( $level ||= $class->tsv->{authnLevel}->{$vhost} ) {
 if ( $session->{authenticationLevel} < $level ) {
 $class->logger->debug(
 "User authentication level = $session->{authenticationLevel}");
diff --git a/lemonldap-ng-manager/site/htdocs/static/forms/ruleContainer.html b/lemonldap-ng-manager/site/htdocs/static/forms/ruleContainer.html
index 446233601..04298f1bc 100644
--- a/lemonldap-ng-manager/site/htdocs/static/forms/ruleContainer.html
+++ b/lemonldap-ng-manager/site/htdocs/static/forms/ruleContainer.html
@@ -33,7 +33,7 @@
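Review bot: In `grant` (Run.pm), the debug call inside the new loop runs for every matching location, so a rule with no AuthnLevel annotation logs "Found AuthnLevel=" with an undefined `$level` and raises an uninitialized-value warning. The double-quoted `"$vhost/$class->tsv->{...}->[$i]"` also does not call `tsv`: Perl interpolates `$class` and prints the rest literally, so the log never shows the rule text. Reading the text first and logging only when a level exists fixes both: `my $text = $class->tsv->{locationConditionText}->{$vhost}->[$i];` then `$class->logger->debug(qq{Found AuthnLevel=$level for "$vhost/$text"}) if defined $level;`. Separately, `$level ||= ...` treats an explicit `AuthnLevel=0` as unset and falls back to the vhost level; if 0 is meant to override, `//=` is the operator to use, and either way the choice deserves a comment. The body of `grant` continues past the end of the hunk.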
+