kallithea: pylons_app/lib/auth.py annotate

annotate pylons_app/lib/auth.py @ 382:e0ef325cbdea

auth functions little fix

author	Marcin Kuzminski <marcin@python-works.com>
date	Tue, 03 Aug 2010 21:24:45 +0200
parents	55377fdc1fc6
children	f5c1eec9f376

rev	line source
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	1 #!/usr/bin/env python
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	2 # encoding: utf-8
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	3 # authentication and permission libraries
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	4 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	5 #
252 3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	6 # This program is free software; you can redistribute it and/or
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	7 # modify it under the terms of the GNU General Public License
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	8 # as published by the Free Software Foundation; version 2
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	9 # of the License or (at your opinion) any later version of the license.
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	10 #
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	11 # This program is distributed in the hope that it will be useful,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	14 # GNU General Public License for more details.
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	15 #
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	16 # You should have received a copy of the GNU General Public License
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	17 # along with this program; if not, write to the Free Software
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
3782a6d698af licensing updates, code cleanups Marcin Kuzminski <marcin@python-works.com> parents: 239 diff changeset	19 # MA 02110-1301, USA.
381 55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	20 """
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	21 Created on April 4, 2010
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	22
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	23 @author: marcink
55377fdc1fc6 cleared global application settings. Marcin Kuzminski <marcin@python-works.com> parents: 380 diff changeset	24 """
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	25 from beaker.cache import cache_region
6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	26 from pylons import config, session, url, request
52 25e516447a33 implemented autentication marcink parents: 48 diff changeset	27 from pylons.controllers.util import abort, redirect
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	28 from pylons_app.lib.utils import get_repo_slug
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	29 from pylons_app.model import meta
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	30 from pylons_app.model.db import User, Repo2Perm, Repository, Permission
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	31 from sqlalchemy.exc import OperationalError
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	32 from sqlalchemy.orm.exc import NoResultFound, MultipleResultsFound
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	33 import crypt
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	34 from decorator import decorator
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	35 import logging
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	36
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	37 log = logging.getLogger(__name__)
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	38
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	39 def get_crypt_password(password):
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	40 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	41 Cryptographic function used for password hashing
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	42 @param password: password to hash
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	43 """
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	44 return crypt.crypt(password, '6a')
46 9db7782727b3 Static files for production fixed Marcin Kuzminski <marcin@python-blog.com> parents: 45 diff changeset	45
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	46
6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	47 @cache_region('super_short_term', 'cached_user')
6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	48 def get_user_cached(username):
6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	49 sa = meta.Session
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	50 try:
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	51 user = sa.query(User).filter(User.username == username).one()
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	52 finally:
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	53 meta.Session.remove()
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	54 return user
6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	55
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	56 def authfunc(environ, username, password):
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	57 password_crypt = get_crypt_password(password)
42 b2bc08f2974b try except error on non existing user table marcink parents: 41 diff changeset	58 try:
343 6484963056cd implemented cache for repeated queries in simplehg mercurial requests Marcin Kuzminski <marcin@python-works.com> parents: 339 diff changeset	59 user = get_user_cached(username)
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	60 except (NoResultFound, MultipleResultsFound, OperationalError) as e:
42 b2bc08f2974b try except error on non existing user table marcink parents: 41 diff changeset	61 log.error(e)
64 08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	62 user = None
08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	63
08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	64 if user:
08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	65 if user.active:
08707974eae4 Changed auth lib for sqlalchemy Marcin Kuzminski <marcin@python-blog.com> parents: 52 diff changeset	66 if user.username == username and user.password == password_crypt:
41 71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	67 log.info('user %s authenticated correctly', username)
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	68 return True
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	69 else:
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	70 log.error('user %s is disabled', username)
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	71
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	72 return False
71ffa932799d Added app basic auth. Marcin Kuzminski <marcin@python-blog.com> parents: diff changeset	73
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	74 class AuthUser(object):
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	75 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	76 A simple object that handles a mercurial username for authentication
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	77 """
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	78 def __init__(self):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	79 self.username = 'None'
355 5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	80 self.name = ''
5bbcc0cac389 added session remove in forms, and added name and lastname to auth user Marcin Kuzminski <marcin@python-works.com> parents: 350 diff changeset	81 self.lastname = ''
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	82 self.user_id = None
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	83 self.is_authenticated = False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	84 self.is_admin = False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	85 self.permissions = {}
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	86
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	87
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	88 def set_available_permissions(config):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	89 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	90 This function will propagate pylons globals with all available defined
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	91 permission given in db. We don't wannt to check each time from db for new
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	92 permissions since adding a new permission also requires application restart
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	93 ie. to decorate new views with the newly created permission
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	94 @param config:
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	95 """
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	96 log.info('getting information about all available permissions')
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	97 try:
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	98 sa = meta.Session
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	99 all_perms = sa.query(Permission).all()
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	100 finally:
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	101 meta.Session.remove()
664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	102
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	103 config['available_permissions'] = [x.permission_name for x in all_perms]
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	104
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	105 def set_base_path(config):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	106 config['base_path'] = config['pylons.app_globals'].base_path
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	107
5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	108 def fill_data(user):
5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	109 """
382 e0ef325cbdea auth functions little fix Marcin Kuzminski <marcin@python-works.com> parents: 381 diff changeset	110 Fills user data with those from database and log out user if not present
e0ef325cbdea auth functions little fix Marcin Kuzminski <marcin@python-works.com> parents: 381 diff changeset	111 in database
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	112 @param user:
5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	113 """
5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	114 sa = meta.Session
5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	115 dbuser = sa.query(User).get(user.user_id)
382 e0ef325cbdea auth functions little fix Marcin Kuzminski <marcin@python-works.com> parents: 381 diff changeset	116 if dbuser:
e0ef325cbdea auth functions little fix Marcin Kuzminski <marcin@python-works.com> parents: 381 diff changeset	117 user.username = dbuser.username
e0ef325cbdea auth functions little fix Marcin Kuzminski <marcin@python-works.com> parents: 381 diff changeset	118 user.is_admin = dbuser.admin
e0ef325cbdea auth functions little fix Marcin Kuzminski <marcin@python-works.com> parents: 381 diff changeset	119 user.name = dbuser.name
e0ef325cbdea auth functions little fix Marcin Kuzminski <marcin@python-works.com> parents: 381 diff changeset	120 user.lastname = dbuser.lastname
e0ef325cbdea auth functions little fix Marcin Kuzminski <marcin@python-works.com> parents: 381 diff changeset	121 else:
e0ef325cbdea auth functions little fix Marcin Kuzminski <marcin@python-works.com> parents: 381 diff changeset	122 user.is_authenticated = False
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	123 meta.Session.remove()
5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	124 return user
5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	125
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	126 def fill_perms(user):
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	127 """
a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	128 Fills user permission attribute with permissions taken from database
a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	129 @param user:
a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	130 """
a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	131
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	132 sa = meta.Session
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	133 user.permissions['repositories'] = {}
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	134 user.permissions['global'] = set()
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	135
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	136 #first fetch default permissions
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	137 default_perms = sa.query(Repo2Perm, Repository, Permission)\
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	138 .join((Repository, Repo2Perm.repository_id == Repository.repo_id))\
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	139 .join((Permission, Repo2Perm.permission_id == Permission.permission_id))\
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	140 .filter(Repo2Perm.user_id == sa.query(User).filter(User.username ==
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	141 'default').one().user_id).all()
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	142
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	143 if user.is_admin:
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	144 user.permissions['global'].add('hg.admin')
380 ca54622e39a1 Added separate create repository views for non administrative users. Marcin Kuzminski <marcin@python-works.com> parents: 377 diff changeset	145 #admin have all rights set to admin
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	146 for perm in default_perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	147 p = 'repository.admin'
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	148 user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	149
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	150 else:
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	151 user.permissions['global'].add('repository.create')
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	152 for perm in default_perms:
380 ca54622e39a1 Added separate create repository views for non administrative users. Marcin Kuzminski <marcin@python-works.com> parents: 377 diff changeset	153 if perm.Repository.private and not perm.Repository.user_id == user.user_id:
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	154 #disable defaults for private repos,
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	155 p = 'repository.none'
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	156 elif perm.Repository.user_id == user.user_id:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	157 #set admin if owner
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	158 p = 'repository.admin'
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	159 else:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	160 p = perm.Permission.permission_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	161
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	162 user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	163
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	164
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	165 user_perms = sa.query(Repo2Perm, Permission, Repository)\
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	166 .join((Repository, Repo2Perm.repository_id == Repository.repo_id))\
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	167 .join((Permission, Repo2Perm.permission_id == Permission.permission_id))\
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	168 .filter(Repo2Perm.user_id == user.user_id).all()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	169 #overwrite userpermissions with defaults
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	170 for perm in user_perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	171 #set write if owner
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	172 if perm.Repository.user_id == user.user_id:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	173 p = 'repository.write'
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	174 else:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	175 p = perm.Permission.permission_name
367 a26f48ad7a8a fixes issue #16 reimplementation of database repository, for using generic pk instead of repo naming as pk. Which caused to many problems. Marcin Kuzminski <marcin@python-works.com> parents: 355 diff changeset	176 user.permissions['repositories'][perm.Repo2Perm.repository.repo_name] = p
350 664a5b8c551a Added application settings, are now customizable from database Marcin Kuzminski <marcin@python-works.com> parents: 343 diff changeset	177 meta.Session.remove()
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	178 return user
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	179
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	180 def get_user(session):
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	181 """
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	182 Gets user from session, and wraps permissions into user
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	183 @param session:
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	184 """
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	185 user = session.get('hg_app_user', AuthUser())
d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	186 if user.is_authenticated:
371 5cd6616b8673 routes python 2.5 compatible Marcin Kuzminski <marcin@python-works.com> parents: 367 diff changeset	187 user = fill_data(user)
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	188 user = fill_perms(user)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	189 session['hg_app_user'] = user
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	190 session.save()
299 d303aacb3349 repos crud controllers - change id into repo_name for compatability, added ajax repo perm user function variuos html fixes, permissions forms and managment fixes. Marcin Kuzminski <marcin@python-works.com> parents: 265 diff changeset	191 return user
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	192
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	193 #===============================================================================
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	194 # CHECK DECORATORS
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	195 #===============================================================================
d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	196 class LoginRequired(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	197 """Must be logged in to execute this function else redirect to login page"""
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	198
190 d8eb7ee27b4c Added LoginRequired decorator, empty User data container, hash functions Marcin Kuzminski <marcin@python-works.com> parents: 96 diff changeset	199 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	200 return decorator(self.__wrapper, func)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	201
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	202 def __wrapper(self, func, fargs, *fkwargs):
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	203 user = session.get('hg_app_user', AuthUser())
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	204 log.debug('Checking login required for user:%s', user.username)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	205 if user.is_authenticated:
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	206 log.debug('user %s is authenticated', user.username)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	207 return func(fargs, *fkwargs)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	208 else:
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	209 log.warn('user %s not authenticated', user.username)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	210 log.debug('redirecting to login page')
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	211 return redirect(url('login_home'))
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	212
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	213 class PermsDecorator(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	214 """Base class for decorators"""
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	215
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	216 def __init__(self, *required_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	217 available_perms = config['available_permissions']
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	218 for perm in required_perms:
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	219 if perm not in available_perms:
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	220 raise Exception("'%s' permission is not defined" % perm)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	221 self.required_perms = set(required_perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	222 self.user_perms = None
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	223
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	224 def __call__(self, func):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	225 return decorator(self.__wrapper, func)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	226
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	227
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	228 def __wrapper(self, func, fargs, *fkwargs):
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	229 # _wrapper.__name__ = func.__name__
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	230 # _wrapper.__dict__.update(func.__dict__)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	231 # _wrapper.__doc__ = func.__doc__
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	232
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	233 self.user_perms = session.get('hg_app_user', AuthUser()).permissions
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	234 log.debug('checking %s permissions %s for %s',
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	235 self.__class__.__name__, self.required_perms, func.__name__)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	236
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	237 if self.check_permissions():
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	238 log.debug('Permission granted for %s', func.__name__)
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	239
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	240 return func(fargs, *fkwargs)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	241
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	242 else:
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	243 log.warning('Permission denied for %s', func.__name__)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	244 #redirect with forbidden ret code
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	245 return abort(403)
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	246
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	247
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	248
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	249 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	250 """Dummy function for overriding"""
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	251 raise Exception('You have to write this function in child class')
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	252
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	253 class HasPermissionAllDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	254 """Checks for access permission for all given predicates. All of them
bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	255 have to be meet in order to fulfill the request
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	256 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	257
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	258 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	259 if self.required_perms.issubset(self.user_perms.get('global')):
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	260 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	261 return False
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	262
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	263
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	264 class HasPermissionAnyDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	265 """Checks for access permission for any of given predicates. In order to
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	266 fulfill the request any of predicates must be meet
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	267 """
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	268
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	269 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	270 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	271 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	272 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	273
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	274 class HasRepoPermissionAllDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	275 """Checks for access permission for all given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	276 repository. All of them have to be meet in order to fulfill the request
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	277 """
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	278
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	279 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	280 repo_name = get_repo_slug(request)
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	281 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	282 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	283 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	284 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	285 if self.required_perms.issubset(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	286 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	287 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	288
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	289
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	290 class HasRepoPermissionAnyDecorator(PermsDecorator):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	291 """Checks for access permission for any of given predicates for specific
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	292 repository. In order to fulfill the request any of predicates must be meet
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	293 """
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	294
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	295 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	296 repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	297
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	298 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	299 user_perms = set([self.user_perms['repositories'][repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	300 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	301 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	302 if self.required_perms.intersection(user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	303 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	304 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	305 #===============================================================================
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	306 # CHECK FUNCTIONS
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	307 #===============================================================================
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	308
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	309 class PermsFunction(object):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	310 """Base function for other check functions"""
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	311
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	312 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	313 available_perms = config['available_permissions']
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	314
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	315 for perm in perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	316 if perm not in available_perms:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	317 raise Exception("'%s' permission in not defined" % perm)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	318 self.required_perms = set(perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	319 self.user_perms = None
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	320 self.granted_for = ''
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	321 self.repo_name = None
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	322
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	323 def __call__(self, check_Location=''):
333 f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	324 user = session.get('hg_app_user', False)
f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	325 if not user:
f5f290d68646 fixed auth bug Marcin Kuzminski <marcin@python-works.com> parents: 316 diff changeset	326 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	327 self.user_perms = user.permissions
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	328 self.granted_for = user.username
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	329 log.debug('checking %s %s', self.__class__.__name__, self.required_perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	330
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	331 if self.check_permissions():
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	332 log.debug('Permission granted for %s @%s', self.granted_for,
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	333 check_Location)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	334 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	335
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	336 else:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	337 log.warning('Permission denied for %s @%s', self.granted_for,
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	338 check_Location)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	339 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	340
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	341 def check_permissions(self):
377 bd8b25ad058d Fixed decorators bug when using them with keyworded arguments,new implementation takes new approach that is more flexible Marcin Kuzminski <marcin@python-works.com> parents: 371 diff changeset	342 """Dummy function for overriding"""
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	343 raise Exception('You have to write this function in child class')
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	344
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	345 class HasPermissionAll(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	346 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	347 if self.required_perms.issubset(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	348 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	349 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	350
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	351 class HasPermissionAny(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	352 def check_permissions(self):
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	353 if self.required_perms.intersection(self.user_perms.get('global')):
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	354 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	355 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	356
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	357 class HasRepoPermissionAll(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	358
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	359 def __call__(self, repo_name=None, check_Location=''):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	360 self.repo_name = repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	361 return super(HasRepoPermissionAll, self).__call__(check_Location)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	362
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	363 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	364 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	365 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	366
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	367 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	368 self.user_perms = set([self.user_perms['repositories']\
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	369 [self.repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	370 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	371 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	372 self.granted_for = self.repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	373 if self.required_perms.issubset(self.user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	374 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	375 return False
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	376
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	377 class HasRepoPermissionAny(PermsFunction):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	378
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	379 def __call__(self, repo_name=None, check_Location=''):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	380 self.repo_name = repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	381 return super(HasRepoPermissionAny, self).__call__(check_Location)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	382
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	383 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	384 if not self.repo_name:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	385 self.repo_name = get_repo_slug(request)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	386
339 5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	387 try:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	388 self.user_perms = set([self.user_perms['repositories']\
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	389 [self.repo_name]])
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	390 except KeyError:
5d517bbf0a0d some extra checks for auth lib Marcin Kuzminski <marcin@python-works.com> parents: 333 diff changeset	391 return False
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	392 self.granted_for = self.repo_name
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	393 if self.required_perms.intersection(self.user_perms):
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	394 return True
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	395 return False
b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	396
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	397 #===============================================================================
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	398 # SPECIAL VERSION TO HANDLE MIDDLEWARE AUTH
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	399 #===============================================================================
239 b18f89d6d17f Adde draft for permissions systems, made all needed decorators, and checks. For future usage in the system. Marcin Kuzminski <marcin@python-works.com> parents: 234 diff changeset	400
316 d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	401 class HasPermissionAnyMiddleware(object):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	402 def __init__(self, *perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	403 self.required_perms = set(perms)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	404
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	405 def __call__(self, user, repo_name):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	406 usr = AuthUser()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	407 usr.user_id = user.user_id
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	408 usr.username = user.username
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	409 usr.is_admin = user.admin
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	410
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	411 try:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	412 self.user_perms = set([fill_perms(usr)\
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	413 .permissions['repositories'][repo_name]])
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	414 except:
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	415 self.user_perms = set()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	416 self.granted_for = ''
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	417 self.username = user.username
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	418 self.repo_name = repo_name
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	419 return self.check_permissions()
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	420
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	421 def check_permissions(self):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	422 log.debug('checking mercurial protocol '
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	423 'permissions for user:%s repository:%s',
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	424 self.username, self.repo_name)
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	425 if self.required_perms.intersection(self.user_perms):
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	426 log.debug('permission granted')
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	427 return True
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	428 log.debug('permission denied')
d6e2817734d2 Full rewrite of auth module, new functions/decorators. FIxed auth user Marcin Kuzminski <marcin@python-works.com> parents: 299 diff changeset	429 return False

Mercurial > kallithea

annotate pylons_app/lib/auth.py @ 382:e0ef325cbdea