Mercurial > public > src > rhodecode

annotate pylons_app/lib/auth.py @ 239:b18f89d6d17f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
author Marcin Kuzminski <marcin@python-works.com>
date Sun, 30 May 2010 19:49:40 +0200
parents a0116e944da1
children 3782a6d698af
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
1 from functools import wraps
239
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
2 from pylons import session, url, app_globals as g
52
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
3 from pylons.controllers.util import abort, redirect
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
4 from pylons_app.model import meta
234
a0116e944da1 changed naming convention for db modules.
Marcin Kuzminski <marcin@python-works.com>
parents: 200
diff changeset
5 from pylons_app.model.db import User
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
6 from sqlalchemy.exc import OperationalError
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
7 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
8 import crypt
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
9 import logging
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
10 log = logging.getLogger(__name__)
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
11
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
12 def get_crypt_password(password):
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
13 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
14 Cryptographic function used for password hashing
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
15 @param password: password to hash
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
16 """
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
17 return crypt.crypt(password, '6a')
46
9db7782727b3 Static files for production fixed
Marcin Kuzminski <marcin@python-blog.com>
parents: 45
diff changeset
18
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
19 def authfunc(environ, username, password):
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
20 sa = meta.Session
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
21 password_crypt = get_crypt_password(password)
42
b2bc08f2974b try except error on non existing user table
marcink
parents: 41
diff changeset
22 try:
234
a0116e944da1 changed naming convention for db modules.
Marcin Kuzminski <marcin@python-works.com>
parents: 200
diff changeset
23 user = sa.query(User).filter(User.username == username).one()
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
24 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
42
b2bc08f2974b try except error on non existing user table
marcink
parents: 41
diff changeset
25 log.error(e)
64
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
26 user = None
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
27
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
28 if user:
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
29 if user.active:
08707974eae4 Changed auth lib for sqlalchemy
Marcin Kuzminski <marcin@python-blog.com>
parents: 52
diff changeset
30 if user.username == username and user.password == password_crypt:
41
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
31 log.info('user %s authenticated correctly', username)
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
32 return True
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
33 else:
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
34 log.error('user %s is disabled', username)
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
35
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
36 return False
71ffa932799d Added app basic auth.
Marcin Kuzminski <marcin@python-blog.com>
parents:
diff changeset
37
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
38 class AuthUser(object):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
39 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
40 A simple object that handles a mercurial username for authentication
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
41 """
199
78e406a4c58e moved checking for user in session to wrapper function of LoginRequired decorator since it was working quite strange.
Marcin Kuzminski <marcin@python-works.com>
parents: 197
diff changeset
42 username = 'None'
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
43 is_authenticated = False
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
44 is_admin = False
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
45 permissions = set()
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
46 group = set()
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
47
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
48 def __init__(self):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
49 pass
239
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
50
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
51
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
52
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
53 def set_available_permissions(config):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
54 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
55 This function will propagate pylons globals with all available defined
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
56 permission given in db. We don't wannt to check each time from db for new
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
57 permissions since adding a new permission also requires application restart
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
58 ie. to decorate new views with the newly created permission
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
59 @param config:
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
60 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
61 from pylons_app.model.meta import Session
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
62 from pylons_app.model.db import Permission
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
63 logging.info('getting information about all available permissions')
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
64 sa = Session()
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
65 all_perms = sa.query(Permission).all()
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
66 config['pylons.app_globals'].available_permissions = [x.permission_name for x in all_perms]
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
67
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
68
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
69
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
70 #===============================================================================
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
71 # DECORATORS
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
72 #===============================================================================
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
73 class LoginRequired(object):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
74 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
75 Must be logged in to execute this function else redirect to login page
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
76 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
77 def __init__(self):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
78 pass
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
79
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
80 def __call__(self, func):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
81
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
82 @wraps(func)
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
83 def _wrapper(*fargs, **fkwargs):
199
78e406a4c58e moved checking for user in session to wrapper function of LoginRequired decorator since it was working quite strange.
Marcin Kuzminski <marcin@python-works.com>
parents: 197
diff changeset
84 user = session.get('hg_app_user', AuthUser())
78e406a4c58e moved checking for user in session to wrapper function of LoginRequired decorator since it was working quite strange.
Marcin Kuzminski <marcin@python-works.com>
parents: 197
diff changeset
85 log.info('Checking login required for user:%s', user.username)
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
86 if user.is_authenticated:
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
87 log.info('user %s is authenticated', user.username)
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
88 func(*fargs)
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
89 else:
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
90 logging.info('user %s not authenticated', user.username)
199
78e406a4c58e moved checking for user in session to wrapper function of LoginRequired decorator since it was working quite strange.
Marcin Kuzminski <marcin@python-works.com>
parents: 197
diff changeset
91 logging.info('redirecting to login page')
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
92 return redirect(url('login_home'))
52
25e516447a33 implemented autentication
marcink
parents: 48
diff changeset
93
190
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions
Marcin Kuzminski <marcin@python-works.com>
parents: 96
diff changeset
94 return _wrapper
239
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
95
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
96 class PermsDecorator(object):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
97
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
98 def __init__(self, *perms):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
99 available_perms = g.available_permissions
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
100 for perm in perms:
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
101 if perm not in available_perms:
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
102 raise Exception("'%s' permission in not defined" % perm)
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
103 self.required_perms = set(perms)
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
104 self.user_perms = set([])#propagate this list from somewhere.
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
105
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
106 def __call__(self, func):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
107 @wraps(func)
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
108 def _wrapper(*args, **kwargs):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
109 logging.info('checking %s permissions %s for %s',
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
110 self.__class__.__name__[-3:], self.required_perms, func.__name__)
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
111
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
112 if self.check_permissions():
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
113 logging.info('Permission granted for %s', func.__name__)
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
114 return func(*args, **kwargs)
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
115
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
116 else:
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
117 logging.warning('Permission denied for %s', func.__name__)
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
118 #redirect with forbidden ret code
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
119 return redirect(url('access_denied'), 403)
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
120 return _wrapper
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
121
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
122
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
123 def check_permissions(self):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
124 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
125 Dummy function for overiding
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
126 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
127 raise Exception('You have to write this function in child class')
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
128
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
129 class CheckPermissionAll(PermsDecorator):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
130 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
131 Checks for access permission for all given predicates. All of them have to
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
132 be meet in order to fulfill the request
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
133 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
134
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
135 def check_permissions(self):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
136 if self.required_perms.issubset(self.user_perms):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
137 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
138 return False
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
139
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
140
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
141 class CheckPermissionAny(PermsDecorator):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
142 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
143 Checks for access permission for any of given predicates. In order to
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
144 fulfill the request any of predicates must be meet
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
145 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
146
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
147 def check_permissions(self):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
148 if self.required_perms.intersection(self.user_perms):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
149 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
150 return False
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
151
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
152
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.
Marcin Kuzminski <marcin@python-works.com>
parents: 234
diff changeset
153