enabled admin/appadmin by default from trusted addresses, thanks Paolo

applications/admin/models/access.py

@@ -6,7 +6,10 @@ from gluon.fileutils import read_file
 from gluon.utils import web2py_uuid
 from pydal.contrib import portalocker
 # ###########################################################
-# ## make sure administrator is on localhost or https
+# ## make sure administrator is on localhost or https,
+# ## or from
+# ## gluon.settings.global_settings.trusted_lan_prefix
+# ## subnet
 # ###########################################################
 
 
@@ -22,6 +25,9 @@ else:
 
 if request.is_https:
     session.secure()
+elif request.env.trusted_lan_prefix and \
+     request.client.startswith(request.env.trusted_lan_prefix):
+    request.is_local = True
 elif not request.is_local and not DEMO_MODE:
     raise HTTP(200, T('Admin is disabled because insecure channel'))
 

applications/welcome/controllers/appadmin.py

@@ -30,6 +30,9 @@ except:
 
 if request.is_https:
     session.secure()
+elif request.env.trusted_lan_prefix and \
+     remote_addr.startswith(request.env.trusted_lan_prefix):
+    request.is_local = True
 elif (remote_addr not in hosts) and (remote_addr != '127.0.0.1') and \
     (request.function != 'manage'):
     raise HTTP(200, T('appadmin is disabled because insecure channel'))

gluon/settings.py

@@ -43,3 +43,7 @@ global_settings.is_source = os.path.exists(os.path.join(
         global_settings.gluon_parent, 'web2py.py'))
 
 global_settings.is_py2 = PY2
+
+# allow admin app for clients on trusted LAN when over plain http,
+# default is to allow only from localhost or when serving https
+#global_settings.trusted_lan_prefix = '192.168.0.'