upstream/kallithea Commit - r239:b18f89d6

Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system.

marcink -

r239:b18f89d6 default

parent child

pylons_app/config/environment.py

0 +8 -6

              """Pylons environment configuration"""
-             import logging
-             import os
              from mako.lookup import TemplateLookup
              from pylons.configuration import PylonsConfig
              from pylons.error import handle_mako_error
+             from pylons_app.config.routing import make_map
+             from pylons_app.lib.auth import set_available_permissions
+             from pylons_app.model import init_model
              from sqlalchemy import engine_from_config
+             import logging
+             import os
              import pylons_app.lib.app_globals as app_globals
              import pylons_app.lib.helpers
-             from pylons_app.config.routing import make_map
-             from pylons_app.model import init_model
              log = logging.getLogger(__name__)
                  init_model(sa_engine_db1)
+                 set_available_permissions(config)
                  # CONFIGURATION OPTIONS HERE (note: all config options will override
                  # any Pylons config options)

pylons_app/controllers/users.py

0 +3 -2

              from pylons.i18n.translation import _
              from pylons_app.lib import helpers as h
              from pylons.controllers.util import abort, redirect
-             from pylons_app.lib.auth import LoginRequired
+             from pylons_app.lib.auth import LoginRequired, CheckPermissionAll
              from pylons_app.lib.base import BaseController, render
              from pylons_app.model.db import User, UserLog
              from pylons_app.model.forms import UserForm
                      c.admin_user = session.get('admin_user')
                      c.admin_username = session.get('admin_username')
                      super(UsersController, self).__before__()
                  def index(self, format='html'):
                      """GET /users: All items in the collection"""
                      # url('users')

pylons_app/lib/app_globals.py

0 +1 0

                      self.paths = self.baseui.configitems('paths')
                      self.base_path = self.paths[0][1].replace('*', '')
                      self.changeset_annotation_colors = {}
+                     self.available_permissions = None # propagated after init_model

pylons_app/lib/auth.py

0 +80 -2

		@@ -1,5 +1,5 b''
1	1	from functools import wraps
2		from pylons import session, url
	2	from pylons import session, url, app_globals as g
3	3	from pylons.controllers.util import abort, redirect
4	4	from pylons_app.model import meta
5	5	from pylons_app.model.db import User
		@@ -47,7 +47,26 b' class AuthUser(object):'
47	47
48	48	def __init__(self):
49	49	pass
50
	50
	51
	52
	53	def set_available_permissions(config):
	54	"""
	55	This function will propagate pylons globals with all available defined
	56	permission given in db. We don't wannt to check each time from db for new
	57	permissions since adding a new permission also requires application restart
	58	ie. to decorate new views with the newly created permission
	59	@param config:
	60	"""
	61	from pylons_app.model.meta import Session
	62	from pylons_app.model.db import Permission
	63	logging.info('getting information about all available permissions')
	64	sa = Session()
	65	all_perms = sa.query(Permission).all()
	66	config['pylons.app_globals'].available_permissions = [x.permission_name for x in all_perms]
	67
	68
	69
51	70	#===============================================================================
52	71	# DECORATORS
53	72	#===============================================================================
		@@ -73,3 +92,62 b' class LoginRequired(object):'
73	92	return redirect(url('login_home'))
74	93
75	94	return _wrapper
	95
	96	class PermsDecorator(object):
	97
	98	def __init__(self, *perms):
	99	available_perms = g.available_permissions
	100	for perm in perms:
	101	if perm not in available_perms:
	102	raise Exception("'%s' permission in not defined" % perm)
	103	self.required_perms = set(perms)
	104	self.user_perms = set([])#propagate this list from somewhere.
	105
	106	def __call__(self, func):
	107	@wraps(func)
	108	def _wrapper(args, *kwargs):
	109	logging.info('checking %s permissions %s for %s',
	110	self.__class__.__name__[-3:], self.required_perms, func.__name__)
	111
	112	if self.check_permissions():
	113	logging.info('Permission granted for %s', func.__name__)
	114	return func(args, *kwargs)
	115
	116	else:
	117	logging.warning('Permission denied for %s', func.__name__)
	118	#redirect with forbidden ret code
	119	return redirect(url('access_denied'), 403)
	120	return _wrapper
	121
	122
	123	def check_permissions(self):
	124	"""
	125	Dummy function for overiding
	126	"""
	127	raise Exception('You have to write this function in child class')
	128
	129	class CheckPermissionAll(PermsDecorator):
	130	"""
	131	Checks for access permission for all given predicates. All of them have to
	132	be meet in order to fulfill the request
	133	"""
	134
	135	def check_permissions(self):
	136	if self.required_perms.issubset(self.user_perms):
	137	return True
	138	return False
	139
	140
	141	class CheckPermissionAny(PermsDecorator):
	142	"""
	143	Checks for access permission for any of given predicates. In order to
	144	fulfill the request any of predicates must be meet
	145	"""
	146
	147	def check_permissions(self):
	148	if self.required_perms.intersection(self.user_perms):
	149	return True
	150	return False
	151
	152
	153

pylons_app/lib/db_manage.py

0 +26 -8

+             from os.path import dirname as dn, join as jn
+             from pylons_app.lib.auth import get_crypt_password
+             from pylons_app.model import init_model
+             from pylons_app.model.db import User, Permission
+             from pylons_app.model.meta import Session, Base
+             from sqlalchemy.engine import create_engine
              import logging
-             from os.path import dirname as dn
-             from os.path import join as jn
-             from sqlalchemy.engine import create_engine
              import os
              import sys
              ROOT = dn(dn(dn(os.path.realpath(__file__))))
              sys.path.append(ROOT)
-             from pylons_app.model.db import User
-             from pylons_app.model.meta import Session, Base
-             from pylons_app.lib.auth import get_crypt_password
-             from pylons_app.model import init_model
              log = logging.getLogger('db manage')
              log.setLevel(logging.DEBUG)
                          self.sa.rollback()
                          raise
+                 def create_permissions(self):
+                     perms = [('can_view_admin_users', 'Access to admin user view'),
+                              ]
+                     for p in perms:
+                         new_perm = Permission()
+                         new_perm.permission_name = p[0]
+                         new_perm.permission_longname = p[1]
+                         try:
+                             self.sa.add(new_perm)
+                             self.sa.commit()
+                         except:
+                             self.sa.rollback()
+                             raise
              if __name__ == '__main__':
                  dbmanage = DbManage(log_sql=True)
                  dbmanage.create_tables(override=True)
-                 dbmanage.admin_prompt()
+                 dbmanage.admin_prompt()
+                 dbmanage.create_permissions()

pylons_app/model/db.py

0 +2 -1

                  __table_args__ = {'useexisting':True}
                  permission_id = Column("id", INTEGER(), nullable=False, unique=True, default=None, primary_key=1)
                  permission_name = Column("permission_name", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
+                 permission_longname = Column("permission_longname", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)
                  def __repr__(self):
                      return "<Permission('%s:%s')>" % (self.permission_id, self.permission_name)

pylons_app/templates/admin/admin.html

0 +6 -11

		@@ -12,15 +12,10 b''
12	12	${self.submenu('')}
13	13	</%def>
14	14	<%def name="main()">
15		%if c.admin_user:
16		<div>
17		<h2>Welcome ${c.admin_username}</h2>
18		<div id="user_log">
19		${c.log_data}
20		</div>
21		</div>
22		%else:
23		<h2>${_('Sorry only admin users can acces this area')}</h2>
24		%endif
25
	15	<div>
	16	<h2>Welcome ${c.admin_username}</h2>
	17	<div id="user_log">
	18	${c.log_data}
	19	</div>
	20	</div>
26	21	</%def> No newline at end of file

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages