From 15a31d41f6d1e43cbdee60f58b6bd64023867a9d Mon Sep 17 00:00:00 2001
From: Mauricio Baeza <git@elmau.net>
Date: Sun, 3 Dec 2017 23:47:41 -0600
Subject: [PATCH] Fix - Usuario no admin

---
 source/app/middleware.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/source/app/middleware.py b/source/app/middleware.py
index d5a880c..348b89c 100644
--- a/source/app/middleware.py
+++ b/source/app/middleware.py
@@ -33,12 +33,19 @@ def static(req, res):
 class AuthMiddleware(object):
 
     def process_resource(self, req, resp, resource, params):
+        session = req.env['beaker.session']
+        user = session.get('userobj', None)
         id_session = req.cookies.get('beaker.session.id', '')
         if req.path == '/empresas' or req.path == '/values/empresas':
             if MV:
                 pass
             else:
                 raise falcon.HTTPTemporaryRedirect('/')
+        elif id_session and req.path == '/admin':
+            if user is None:
+                raise falcon.HTTPTemporaryRedirect('/')
+            elif not user.es_admin or not user.es_superusuario:
+                raise falcon.HTTPTemporaryRedirect('/main')
         elif not id_session and req.path != '/':
             raise falcon.HTTPTemporaryRedirect('/')