(self, root, absolute_path)
| 501 | |
| 502 | @check_authorization_sync |
| 503 | def validate_absolute_path(self, root, absolute_path): |
| 504 | if not self.application.auth.is_enabled() and (absolute_path.endswith("/login.html")): |
| 505 | raise tornado.web.HTTPError(404) |
| 506 | |
| 507 | relative_path = file_utils.relative_path(absolute_path, root) |
| 508 | if self.is_admin_file(relative_path): |
| 509 | if not has_admin_rights(self): |
| 510 | user_id = identify_user(self) |
| 511 | LOGGER.warning('User %s (%s) tried to access admin static file %s', |
| 512 | user_id, get_audit_name_from_request(self), relative_path) |
| 513 | raise tornado.web.HTTPError(403) |
| 514 | |
| 515 | return super(AuthorizedStaticFileHandler, self).validate_absolute_path(root, absolute_path) |
| 516 | |
| 517 | @classmethod |
| 518 | def get_absolute_path(cls, root, path): |
nothing calls this directly
no test coverage detected