src/rhodecode: pylons_app/lib/auth.py comparison

comparison pylons_app/lib/auth.py @ 409:bd8b25ad058d

Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible

author	Marcin Kuzminski <marcin@python-works.com>
date	Sat, 31 Jul 2010 18:47:43 +0200
parents	5cd6616b8673
children	ca54622e39a1

comparison

equal deleted inserted replaced

-:7fbf81447c6c
+:bd8b25ad058d
 #!/usr/bin/env python
 # encoding: utf-8
 # authentication and permission libraries
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
 #
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
-"""
-Created on April 4, 2010
-@author: marcink
-"""
 from beaker.cache import cache_region
-from functools import wraps
 from pylons import config, session, url, request
 from pylons.controllers.util import abort, redirect
 from pylons_app.lib.utils import get_repo_slug
 from pylons_app.model import meta
 from pylons_app.model.db import User, Repo2Perm, Repository, Permission
 from sqlalchemy.exc import OperationalError
 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
 import crypt
+from decorator import decorator
 import logging
+"""
+Created on April 4, 2010
+@author: marcink
+"""
 log = logging.getLogger(__name__)
 def get_crypt_password(password):
 """
 for perm in default_perms:
 p = 'repository.admin'
 user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p
 else:
-user.permissions['global'].add('')
+user.permissions['global'].add('repository.create')
 for perm in default_perms:
 if perm.Repository.private:
 #disable defaults for private repos,
 p = 'repository.none'
 elif perm.Repository.user_id == user.user_id:
 #===============================================================================
 # CHECK DECORATORS
 #===============================================================================
 class LoginRequired(object):
-"""
+"""Must be logged in to execute this function else redirect to login page"""
-Must be logged in to execute this function else redirect to login page
-"""
 def __call__(self, func):
-@wraps(func)
+return decorator(self.__wrapper, func)
-def _wrapper(*fargs, **fkwargs):
-user = session.get('hg_app_user', AuthUser())
+def __wrapper(self, func, *fargs, **fkwargs):
-log.debug('Checking login required for user:%s', user.username)
+user = session.get('hg_app_user', AuthUser())
-if user.is_authenticated:
+log.debug('Checking login required for user:%s', user.username)
-log.debug('user %s is authenticated', user.username)
+if user.is_authenticated:
-func(*fargs)
+log.debug('user %s is authenticated', user.username)
-else:
+return func(*fargs, **fkwargs)
-log.warn('user %s not authenticated', user.username)
+else:
-log.debug('redirecting to login page')
+log.warn('user %s not authenticated', user.username)
-return redirect(url('login_home'))
+log.debug('redirecting to login page')
+return redirect(url('login_home'))
-return _wrapper
 class PermsDecorator(object):
-"""
+"""Base class for decorators"""
-Base class for decorators
-"""
 def __init__(self, *required_perms):
 available_perms = config['available_permissions']
 for perm in required_perms:
 if perm not in available_perms:
 raise Exception("'%s' permission is not defined" % perm)
 self.required_perms = set(required_perms)
 self.user_perms = None
 def __call__(self, func):
-@wraps(func)
+return decorator(self.__wrapper, func)
-def _wrapper(*fargs, **fkwargs):
-self.user_perms = session.get('hg_app_user', AuthUser()).permissions
-log.debug('checking %s permissions %s for %s',
+def __wrapper(self, func, *fargs, **fkwargs):
-self.__class__.__name__, self.required_perms, func.__name__)
+#        _wrapper.__name__ = func.__name__
+#        _wrapper.__dict__.update(func.__dict__)
-if self.check_permissions():
+#        _wrapper.__doc__ = func.__doc__
-log.debug('Permission granted for %s', func.__name__)
-return func(*fargs)
+self.user_perms = session.get('hg_app_user', AuthUser()).permissions
+log.debug('checking %s permissions %s for %s',
-else:
+self.__class__.__name__, self.required_perms, func.__name__)
-log.warning('Permission denied for %s', func.__name__)
-#redirect with forbidden ret code
+if self.check_permissions():
-return abort(403)
+log.debug('Permission granted for %s', func.__name__)
-return _wrapper
+return func(*fargs, **fkwargs)
-def check_permissions(self):
+else:
-"""
+log.warning('Permission denied for %s', func.__name__)
-Dummy function for overriding
+#redirect with forbidden ret code
-"""
+return abort(403)
+def check_permissions(self):
+"""Dummy function for overriding"""
 raise Exception('You have to write this function in child class')
 class HasPermissionAllDecorator(PermsDecorator):
-"""
+"""Checks for access permission for all given predicates. All of them
-Checks for access permission for all given predicates. All of them have to
+have to be meet in order to fulfill the request
-be meet in order to fulfill the request
 """
 def check_permissions(self):
 if self.required_perms.issubset(self.user_perms.get('global')):
 return True
 return False
 class HasPermissionAnyDecorator(PermsDecorator):
-"""
+"""Checks for access permission for any of given predicates. In order to
-Checks for access permission for any of given predicates. In order to
 fulfill the request any of predicates must be meet
 """
 def check_permissions(self):
 if self.required_perms.intersection(self.user_perms.get('global')):
 return True
 return False
 class HasRepoPermissionAllDecorator(PermsDecorator):
-"""
+"""Checks for access permission for all given predicates for specific
-Checks for access permission for all given predicates for specific
 repository. All of them have to be meet in order to fulfill the request
 """
 def check_permissions(self):
 repo_name = get_repo_slug(request)
 return True
 return False
 class HasRepoPermissionAnyDecorator(PermsDecorator):
-"""
+"""Checks for access permission for any of given predicates for specific
-Checks for access permission for any of given predicates for specific
 repository. In order to fulfill the request any of predicates must be meet
 """
 def check_permissions(self):
 repo_name = get_repo_slug(request)
 #===============================================================================
 # CHECK FUNCTIONS
 #===============================================================================
 class PermsFunction(object):
-"""
+"""Base function for other check functions"""
-Base function for other check functions
-"""
 def __init__(self, *perms):
 available_perms = config['available_permissions']
 for perm in perms:
 log.warning('Permission denied for %s @%s', self.granted_for,
 check_Location)
 return False
 def check_permissions(self):
-"""
+"""Dummy function for overriding"""
-Dummy function for overriding
-"""
 raise Exception('You have to write this function in child class')
 class HasPermissionAll(PermsFunction):
 def check_permissions(self):
 if self.required_perms.issubset(self.user_perms.get('global')):
 if self.required_perms.issubset(self.user_perms):
 return True
 return False
 class HasRepoPermissionAny(PermsFunction):
 def __call__(self, repo_name=None, check_Location=''):
 self.repo_name = repo_name
 return super(HasRepoPermissionAny, self).__call__(check_Location)

Mercurial > public > src > rhodecode

comparison pylons_app/lib/auth.py @ 409:bd8b25ad058d