From 7f6b63a97f93143319ccfe84805140e1e499babc Mon Sep 17 00:00:00 2001
From: Istiak Ferdous <30789544+istiak101@users.noreply.github.com>
Date: Wed, 9 Jun 2021 12:30:50 +0600
Subject: [PATCH] Prevent non-logged in user from accessing endpoint

Prevent non-logged in user from accessing endpoint https://hostname/ip:8090/base/getSystemStatus
---
 baseTemplate/views.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/baseTemplate/views.py b/baseTemplate/views.py
index ce4631b23..b1ee88909 100755
--- a/baseTemplate/views.py
+++ b/baseTemplate/views.py
@@ -66,6 +66,8 @@ def getAdminStatus(request):
 
 def getSystemStatus(request):
     try:
+        val = request.session['userID']
+        currentACL = ACLManager.loadedACL(val)
         HTTPData = SystemInformation.getSystemInformation()
         json_data = json.dumps(HTTPData)
         return HttpResponse(json_data)
@@ -195,4 +197,4 @@ def upgradeVersion(request):
         return HttpResponse("Version upgrade OK.")
     except BaseException as msg:
         logging.CyberCPLogFileWriter.writeToFile(str(msg))
-        return HttpResponse(str(msg))
\ No newline at end of file
+        return HttpResponse(str(msg))