views:

37

answers:

1

Hi.

Do you know some class for Pylons to control access for each view?

Thanks for the info! :)

+1  A: 

Hi,

You can use AuthKit (http://authkit.org) and the "authorize" decorator:

from authkit.authorize.pylons_adaptors import authorize
from authkit.permissions import RemoteUser

class MainController(BaseController):

    @authorize(RemoteUser())
    def index(self):
        pass

You can write your own permission class, e.g. (this is part of some old project, check it if you want to use it):

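from authkit.authorize import NotAuthenticatedError, NotAuthorizedError
from authkit.permissions import RequestPermission

# Session, User and model come from the project's own SQLAlchemy model.


class HasPerm(RequestPermission):
    def __init__(self, perms, all=False, error=None):
        # Accept a single permission name or a list of names
        if isinstance(perms, str):
            perms = [perms]
        self.all = all            # True: every permission is required
        self.perms = perms
        self.error = error
        self.full_access = "ADMIN"

    def check(self, app, environ, start_response):
        if 'REMOTE_USER' not in environ:
            if self.error:
                raise self.error
            raise NotAuthenticatedError('Not authenticated')

        user = Session.query(User)
        user = user.filter_by(name=environ['REMOTE_USER']).first()

        if not user:
            raise NotAuthorizedError('No such user')
        if user.blocked:
            raise NotAuthorizedError('User blocked')

        user_perms = [x.name for x in user.permissions]

        # Holders of the full-access permission skip the per-view check
        if self.full_access in user_perms:
            return app(environ, start_response)

        for p in self.perms:
            checked_perm = model.Permission.get_by(name=p)
            if not checked_perm:
                raise NotAuthorizedError("There is no permission")

            # "any" mode: the first matching permission is enough
            if checked_perm.name in user_perms and not self.all:
                return app(environ, start_response)

            # "all" mode: a single missing permission denies access
            if checked_perm.name not in user_perms and self.all:
                raise NotAuthorizedError("User has no permission")

        # "all" mode with a non-empty list: every permission was present
        if self.all and self.perms:
            return app(environ, start_response)
        raise NotAuthorizedError("User has no permission")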
Maciej Kucharz
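
The any/all decision in a permission class like the one in the answer above is easy to get wrong, so here is a self-contained sketch that wraps a plain WSGI app and denies by default. It is an added example, not the answerer's code and not AuthKit's API: `USERS`, `decide`, `require_perms`, `index` and the 401/403 responses are assumptions standing in for the database lookup and AuthKit's exceptions.

```python
# Added example: deny-by-default permission gate for a WSGI app.
# USERS is constructed sample data standing in for the User/Permission tables.
USERS = {
    "alice": {"blocked": False, "perms": {"ADMIN"}},
    "bob": {"blocked": False, "perms": {"read", "write"}},
    "carol": {"blocked": False, "perms": {"read"}},
    "dave": {"blocked": True, "perms": {"read", "write"}},
}
FULL_ACCESS = "ADMIN"


def decide(environ, required, require_all=False):
    """Return 200, 401 or 403 for the request described by environ."""
    name = environ.get("REMOTE_USER")
    if not name:                      # missing or empty: not authenticated
        return 401
    user = USERS.get(name)
    if user is None or user["blocked"]:
        return 403
    if FULL_ACCESS in user["perms"]:
        return 200
    required = set(required)
    if not required:                  # nothing to match: deny, never allow
        return 403
    if require_all:
        granted = required <= user["perms"]       # every permission present
    else:
        granted = bool(required & user["perms"])  # at least one present
    return 200 if granted else 403


def require_perms(app, required, require_all=False):
    """Wrap a WSGI app so it only runs when decide() returns 200."""
    reasons = {401: "401 Unauthorized", 403: "403 Forbidden"}

    def gate(environ, start_response):
        status = decide(environ, required, require_all)
        if status == 200:
            return app(environ, start_response)
        start_response(reasons[status], [("Content-Type", "text/plain")])
        return [reasons[status].encode("ascii")]
    return gate


def index(environ, start_response):
    """Hypothetical protected view."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"index"]
```

Keeping the decision in one function that returns a status makes the "all" case, the empty permission list and the blocked user testable without a running Pylons application.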