I couldn't find a way to attach file to a message.
My apologies to other people reading this group.

--- cut here ---
import inspect
from pylons import m, session, request

__all__ = ['authenticated', 'permissions', 'AuthenticationMiddleware']

def __inspect_call(func, args, kw):
    """Clean up argument list before calling func"""
    argspec = inspect.getargspec(func)
    if argspec[2]:
        return func(*args, **kw)
    as = argspec[0]
    for k in kw.keys():
        if k not in as:
            del kw[k]
    return func(*args, **kw)

def permissions(users=[], roles=[]):
    """Authorization decorator
    Usage examples:
        @permissions(user='test')
        def action(self):
            ...
        @permissions(roles=['admins', 'managers'])
        def action(self):
            ...
    """
    def decorator(func):
        def func_wrapper(*args, **kw):
            user, user_role =
request.environ.get('security.get_auth_info')()
            if not user and not user_role:
                login_url = request.environ.get('security.login')
                if login_url:
                    m.send_redirect(login_url)
                else:
                    m.abort(401, "Authentication is required")
            if user not in users and not user_role in roles:
                m.abort(403, "Access denied")
            return __inspect_call(func, args, kw)
        return func_wrapper
    return decorator

def authenticated(user, roles=None):
    """Should be called upon successfull login
    Alternatively, use get_auth_info argument of
AuthenticationMiddleware
    """
    session['security.user'] = user
    session['security.roles'] = roles
    session.save()

def __get_auth_info():
    user = session.get('security.user')
    role = session.get('security.roles')
    if user or role:
        return (user, role)
    return (request.environ.get('REMOTE_USER'), None)

class AuthenticationMiddleware(object):
    """A middleware that controls authentication process"""
    def __init__(self, app, get_auth_info=None, login_url=None):
        """Params:
            login_url (str)
                if defined user will be redirected to that URL whenever
authenticaion is required
                otherwise 401 HTTP status is returned forcing browser
to request authentication

            get_auth_info (callable)
                if defined it will be called to retrieve authentication
information
                otherwise login procedure expected to call
authenticated()
                this callable should return tuple of two strings (user,
role)
                it is useful if authentication information
        """
        self.app = app
        self.get_auth_info = get_auth_info or __get_auth_info
        self.login_url = login_url

    def __call__(self, environ, start_response):
        environ['security.get_auth_info'] = self.get_auth_info
        environ['security.login'] = self.login_url
        return self.app(environ, start_response)
--- cut here ---


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss
-~----------~----~----~----~------~----~------~--~---

Reply via email to