Show More
| @@ -2,7 +2,7 b'' | |||||
| 2 | # encoding: utf-8 |
|
2 | # encoding: utf-8 | |
| 3 | # authentication and permission libraries |
|
3 | # authentication and permission libraries | |
| 4 | # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> |
|
4 | # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com> | |
| 5 |
|
5 | # | ||
| 6 | # This program is free software; you can redistribute it and/or |
|
6 | # This program is free software; you can redistribute it and/or | |
| 7 | # modify it under the terms of the GNU General Public License |
|
7 | # modify it under the terms of the GNU General Public License | |
| 8 | # as published by the Free Software Foundation; version 2 |
|
8 | # as published by the Free Software Foundation; version 2 | |
| @@ -17,13 +17,7 b'' | |||||
| 17 | # along with this program; if not, write to the Free Software |
|
17 | # along with this program; if not, write to the Free Software | |
| 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, |
|
18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, | |
| 19 | # MA 02110-1301, USA. |
|
19 | # MA 02110-1301, USA. | |
| 20 | """ |
|
|||
| 21 | Created on April 4, 2010 |
|
|||
| 22 |
|
||||
| 23 | @author: marcink |
|
|||
| 24 | """ |
|
|||
| 25 | from beaker.cache import cache_region |
|
20 | from beaker.cache import cache_region | |
| 26 | from functools import wraps |
|
|||
| 27 | from pylons import config, session, url, request |
|
21 | from pylons import config, session, url, request | |
| 28 | from pylons.controllers.util import abort, redirect |
|
22 | from pylons.controllers.util import abort, redirect | |
| 29 | from pylons_app.lib.utils import get_repo_slug |
|
23 | from pylons_app.lib.utils import get_repo_slug | |
| @@ -32,7 +26,13 b' from pylons_app.model.db import User, Re' | |||||
| 32 | from sqlalchemy.exc import OperationalError |
|
26 | from sqlalchemy.exc import OperationalError | |
| 33 | from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound |
|
27 | from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound | |
| 34 | import crypt |
|
28 | import crypt | |
|
|
29 | from decorator import decorator | |||
| 35 | import logging |
|
30 | import logging | |
|
|
31 | """ | |||
|
|
32 | Created on April 4, 2010 | |||
|
|
33 | ||||
|
|
34 | @author: marcink | |||
|
|
35 | """ | |||
| 36 |
|
36 | |||
| 37 | log = logging.getLogger(__name__) |
|
37 | log = logging.getLogger(__name__) | |
| 38 |
|
38 | |||
| @@ -146,7 +146,7 b' def fill_perms(user):' | |||||
| 146 | user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p |
|
146 | user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p | |
| 147 |
|
147 | |||
| 148 | else: |
|
148 | else: | |
| 149 | user.permissions['global'].add('') |
|
149 | user.permissions['global'].add('repository.create') | |
| 150 | for perm in default_perms: |
|
150 | for perm in default_perms: | |
| 151 | if perm.Repository.private: |
|
151 | if perm.Repository.private: | |
| 152 | #disable defaults for private repos, |
|
152 | #disable defaults for private repos, | |
| @@ -192,29 +192,24 b' def get_user(session):' | |||||
| 192 | # CHECK DECORATORS |
|
192 | # CHECK DECORATORS | |
| 193 | #=============================================================================== |
|
193 | #=============================================================================== | |
| 194 | class LoginRequired(object): |
|
194 | class LoginRequired(object): | |
| 195 | """ |
|
195 | """Must be logged in to execute this function else redirect to login page""" | |
| 196 | Must be logged in to execute this function else redirect to login page |
|
|||
| 197 | """ |
|
|||
| 198 |
|
196 | |||
| 199 | def __call__(self, func): |
|
197 | def __call__(self, func): | |
| 200 | @wraps(func) |
|
198 | return decorator(self.__wrapper, func) | |
| 201 | def _wrapper(*fargs, **fkwargs): |
|
199 | ||
| 202 | user = session.get('hg_app_user', AuthUser()) |
|
200 | def __wrapper(self, func, *fargs, **fkwargs): | |
| 203 | log.debug('Checking login required for user:%s', user.username) |
|
201 | user = session.get('hg_app_user', AuthUser()) | |
| 204 | if user.is_authenticated: |
|
202 | log.debug('Checking login required for user:%s', user.username) | |
| 205 | log.debug('user %s is authenticated', user.username) |
|
203 | if user.is_authenticated: | |
| 206 | func(*fargs) |
|
204 | log.debug('user %s is authenticated', user.username) | |
| 207 | else: |
|
205 | return func(*fargs, **fkwargs) | |
| 208 | log.warn('user %s not authenticated', user.username) |
|
206 | else: | |
| 209 | log.debug('redirecting to login page') |
|
207 | log.warn('user %s not authenticated', user.username) | |
| 210 |
|
|
208 | log.debug('redirecting to login page') | |
| 211 |
|
209 | return redirect(url('login_home')) | ||
| 212 | return _wrapper |
|
|||
| 213 |
|
210 | |||
| 214 | class PermsDecorator(object): |
|
211 | class PermsDecorator(object): | |
| 215 | """ |
|
212 | """Base class for decorators""" | |
| 216 | Base class for decorators |
|
|||
| 217 | """ |
|
|||
| 218 |
|
213 | |||
| 219 | def __init__(self, *required_perms): |
|
214 | def __init__(self, *required_perms): | |
| 220 | available_perms = config['available_permissions'] |
|
215 | available_perms = config['available_permissions'] | |
| @@ -225,33 +220,37 b' class PermsDecorator(object):' | |||||
| 225 | self.user_perms = None |
|
220 | self.user_perms = None | |
| 226 |
|
221 | |||
| 227 | def __call__(self, func): |
|
222 | def __call__(self, func): | |
| 228 | @wraps(func) |
|
223 | return decorator(self.__wrapper, func) | |
| 229 | def _wrapper(*fargs, **fkwargs): |
|
224 | ||
| 230 | self.user_perms = session.get('hg_app_user', AuthUser()).permissions |
|
225 | ||
| 231 | log.debug('checking %s permissions %s for %s', |
|
226 | def __wrapper(self, func, *fargs, **fkwargs): | |
| 232 | self.__class__.__name__, self.required_perms, func.__name__) |
|
227 | # _wrapper.__name__ = func.__name__ | |
|
|
228 | # _wrapper.__dict__.update(func.__dict__) | |||
|
|
229 | # _wrapper.__doc__ = func.__doc__ | |||
|
|
230 | ||||
|
|
231 | self.user_perms = session.get('hg_app_user', AuthUser()).permissions | |||
|
|
232 | log.debug('checking %s permissions %s for %s', | |||
|
|
233 | self.__class__.__name__, self.required_perms, func.__name__) | |||
|
|
234 | ||||
|
|
235 | if self.check_permissions(): | |||
|
|
236 | log.debug('Permission granted for %s', func.__name__) | |||
| 233 |
|
237 | |||
| 234 | if self.check_permissions(): |
|
238 | return func(*fargs, **fkwargs) | |
| 235 | log.debug('Permission granted for %s', func.__name__) |
|
239 | ||
| 236 | return func(*fargs) |
|
240 | else: | |
| 237 |
|
241 | log.warning('Permission denied for %s', func.__name__) | ||
| 238 | else: |
|
242 | #redirect with forbidden ret code | |
| 239 | log.warning('Permission denied for %s', func.__name__) |
|
243 | return abort(403) | |
| 240 | #redirect with forbidden ret code |
|
244 | ||
| 241 | return abort(403) |
|
|||
| 242 | return _wrapper |
|
|||
| 243 |
|
245 | |||
| 244 |
|
246 | |||
| 245 | def check_permissions(self): |
|
247 | def check_permissions(self): | |
| 246 | """ |
|
248 | """Dummy function for overriding""" | |
| 247 | Dummy function for overriding |
|
|||
| 248 | """ |
|
|||
| 249 | raise Exception('You have to write this function in child class') |
|
249 | raise Exception('You have to write this function in child class') | |
| 250 |
|
250 | |||
| 251 | class HasPermissionAllDecorator(PermsDecorator): |
|
251 | class HasPermissionAllDecorator(PermsDecorator): | |
| 252 | """ |
|
252 | """Checks for access permission for all given predicates. All of them | |
| 253 | Checks for access permission for all given predicates. All of them have to |
|
253 | have to be meet in order to fulfill the request | |
| 254 | be meet in order to fulfill the request |
|
|||
| 255 | """ |
|
254 | """ | |
| 256 |
|
255 | |||
| 257 | def check_permissions(self): |
|
256 | def check_permissions(self): | |
| @@ -261,8 +260,7 b' class HasPermissionAllDecorator(PermsDec' | |||||
| 261 |
|
260 | |||
| 262 |
|
261 | |||
| 263 | class HasPermissionAnyDecorator(PermsDecorator): |
|
262 | class HasPermissionAnyDecorator(PermsDecorator): | |
| 264 | """ |
|
263 | """Checks for access permission for any of given predicates. In order to | |
| 265 | Checks for access permission for any of given predicates. In order to |
|
|||
| 266 | fulfill the request any of predicates must be meet |
|
264 | fulfill the request any of predicates must be meet | |
| 267 | """ |
|
265 | """ | |
| 268 |
|
266 | |||
| @@ -272,8 +270,7 b' class HasPermissionAnyDecorator(PermsDec' | |||||
| 272 | return False |
|
270 | return False | |
| 273 |
|
271 | |||
| 274 | class HasRepoPermissionAllDecorator(PermsDecorator): |
|
272 | class HasRepoPermissionAllDecorator(PermsDecorator): | |
| 275 | """ |
|
273 | """Checks for access permission for all given predicates for specific | |
| 276 | Checks for access permission for all given predicates for specific |
|
|||
| 277 | repository. All of them have to be meet in order to fulfill the request |
|
274 | repository. All of them have to be meet in order to fulfill the request | |
| 278 | """ |
|
275 | """ | |
| 279 |
|
276 | |||
| @@ -289,8 +286,7 b' class HasRepoPermissionAllDecorator(Perm' | |||||
| 289 |
|
286 | |||
| 290 |
|
287 | |||
| 291 | class HasRepoPermissionAnyDecorator(PermsDecorator): |
|
288 | class HasRepoPermissionAnyDecorator(PermsDecorator): | |
| 292 | """ |
|
289 | """Checks for access permission for any of given predicates for specific | |
| 293 | Checks for access permission for any of given predicates for specific |
|
|||
| 294 | repository. In order to fulfill the request any of predicates must be meet |
|
290 | repository. In order to fulfill the request any of predicates must be meet | |
| 295 | """ |
|
291 | """ | |
| 296 |
|
292 | |||
| @@ -309,9 +305,7 b' class HasRepoPermissionAnyDecorator(Perm' | |||||
| 309 | #=============================================================================== |
|
305 | #=============================================================================== | |
| 310 |
|
306 | |||
| 311 | class PermsFunction(object): |
|
307 | class PermsFunction(object): | |
| 312 | """ |
|
308 | """Base function for other check functions""" | |
| 313 | Base function for other check functions |
|
|||
| 314 | """ |
|
|||
| 315 |
|
309 | |||
| 316 | def __init__(self, *perms): |
|
310 | def __init__(self, *perms): | |
| 317 | available_perms = config['available_permissions'] |
|
311 | available_perms = config['available_permissions'] | |
| @@ -343,9 +337,7 b' class PermsFunction(object):' | |||||
| 343 | return False |
|
337 | return False | |
| 344 |
|
338 | |||
| 345 | def check_permissions(self): |
|
339 | def check_permissions(self): | |
| 346 | """ |
|
340 | """Dummy function for overriding""" | |
| 347 | Dummy function for overriding |
|
|||
| 348 | """ |
|
|||
| 349 | raise Exception('You have to write this function in child class') |
|
341 | raise Exception('You have to write this function in child class') | |
| 350 |
|
342 | |||
| 351 | class HasPermissionAll(PermsFunction): |
|
343 | class HasPermissionAll(PermsFunction): | |
| @@ -382,7 +374,6 b' class HasRepoPermissionAll(PermsFunction' | |||||
| 382 |
|
374 | |||
| 383 | class HasRepoPermissionAny(PermsFunction): |
|
375 | class HasRepoPermissionAny(PermsFunction): | |
| 384 |
|
376 | |||
| 385 |
|
||||
| 386 | def __call__(self, repo_name=None, check_Location=''): |
|
377 | def __call__(self, repo_name=None, check_Location=''): | |
| 387 | self.repo_name = repo_name |
|
378 | self.repo_name = repo_name | |
| 388 | return super(HasRepoPermissionAny, self).__call__(check_Location) |
|
379 | return super(HasRepoPermissionAny, self).__call__(check_Location) | |
General Comments 0
You need to be logged in to leave comments.
Login now