"""Pylons specific code to facilitate using AuthKit with Pylons

There is a full Pylons manual in addition to the AuthKit manual which
you should read if you plan to use AuthKit with Pylons

.. Note ::

    In addition to the authorize methods described here, you can also use the
    default ``authkit.authorize.middleware`` function to add WSGI middleware
    authorization checks to your Pylons application since Pylons has a full
    WSGI middleware stack. Just add the middleware to your project's
    ``config/middleware.py`` file.
"""

from decorator import decorator
from pylons import request
from authkit.authorize import PermissionSetupError
from authkit.authorize import NotAuthenticatedError, NotAuthorizedError
from authkit.authorize import authorize_request as authkit_authorize_request

def authorize(permission):
    """
    This is a decorator which can be used to decorate a Pylons controller action.
    It takes the permission to check as the only argument and can be used with
    all types of permission objects.
    """
    def validate(func, self, *args, **kwargs):
        # Wrap the action as a WSGI app so the permission check runs around
        # it and can see both the request and the response.
        def app(environ, start_response):
            return func(self, *args, **kwargs)
        return permission.check(app, request.environ, self.start_response)
    return decorator(validate)

def authorize_request(permission):
    """
    This function can be used within a controller action to ensure that no code
    after the function call is executed if the user doesn't pass the permission
    check specified by ``permission``.

    .. Note ::

        Unlike the ``authorize()`` decorator or
        ``authkit.authorize.middleware`` middleware, this function has no
        access to the WSGI response so cannot be used to check response-based
        permissions. Since almost all AuthKit permissions are request-based
        this shouldn't be a big problem unless you are defining your own
        advanced permission checks.
    """
    authkit_authorize_request(request.environ, permission)

def authorized(permission):
    """
    Similar to the ``authorize_request()`` function with no access to the
    request but rather than raising an exception to stop the request if a
    permission check fails, this function simply returns ``False`` so that you
    can test permissions in your code without triggering a sign in. It can
    therefore be used in a controller action or template.

    Use like this::

        if authorized(permission):
            return Response('You are authorized')
        else:
            return Response('Access denied')
    """
    try:
        authorize_request(permission)
    except (NotAuthorizedError, NotAuthenticatedError):
        return False
    else:
        return True
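
The note in ``authorize_request()`` about response-based permissions, shown as an added example that is not part of AuthKit or of this module. The exception and permission classes are hypothetical stand-ins that only mirror the ``check(app, environ, start_response)`` call used above, and it is an assumption that an in-action check hands the permission a placeholder app that produces no response.

```python
# Added example: stand-ins only; no AuthKit or Pylons import is needed.
class NotAuthenticatedError(Exception):
    """Stand-in for authkit.authorize.NotAuthenticatedError."""

class NotAuthorizedError(Exception):
    """Stand-in for authkit.authorize.NotAuthorizedError."""

class RemoteUserSet(object):
    """Hypothetical request-based permission: inspects only environ."""
    def check(self, app, environ, start_response):
        if not environ.get('REMOTE_USER'):
            raise NotAuthenticatedError('Not signed in')
        return app(environ, start_response)

class NoServerErrors(object):
    """Hypothetical response-based permission: inspects the status line."""
    def check(self, app, environ, start_response):
        def checking_start_response(status, headers, exc_info=None):
            if status.startswith('5'):
                raise NotAuthorizedError('Response status not permitted')
            return start_response(status, headers, exc_info)
        return app(environ, checking_start_response)

def action(environ, start_response):
    """Constructed controller action that fails with a 500."""
    start_response('500 Internal Server Error', [('Content-Type', 'text/plain')])
    return [b'boom']

def check_around_action(permission, environ):
    """Decorator-style check: the permission wraps the real action."""
    try:
        permission.check(action, environ, lambda s, h, e=None: None)
    except (NotAuthenticatedError, NotAuthorizedError):
        return False
    return True

def check_request_only(permission, environ):
    """In-action-style check: the permission wraps a placeholder that
    never produces a response (an assumption about how such a check works)."""
    def placeholder(environ, start_response):
        return []
    try:
        permission.check(placeholder, environ, lambda s, h, e=None: None)
    except (NotAuthenticatedError, NotAuthorizedError):
        return False
    return True
```

A request-based permission gives the same answer on both paths, while the response-based one passes the request-only path without ever being evaluated, so such permissions belong on the decorator or the middleware.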