# HG changeset patch # User marcink # Date 1270720806 -7200 # Node ID 25e516447a333d1e239ad75df8c12e6262e519e7 # Parent a699c008834478ecdf8fe1518c966a8d2030e6b7 implemented autentication diff -r a699c0088344 -r 25e516447a33 pylons_app/controllers/admin.py --- a/pylons_app/controllers/admin.py Thu Apr 08 11:29:14 2010 +0200 +++ b/pylons_app/controllers/admin.py Thu Apr 08 12:00:06 2010 +0200 @@ -12,14 +12,14 @@ from pylons_app.model.forms import LoginForm import formencode import formencode.htmlfill as htmlfill +from pylons_app.lib.auth import authenticate log = logging.getLogger(__name__) class AdminController(BaseController): - def __before__(self): c.staticurl = g.statics - c.admin_user = session.get('admin_user') + c.admin_user = session.get('admin_user', False) c.admin_username = session.get('admin_username') def index(self): diff -r a699c0088344 -r 25e516447a33 pylons_app/controllers/repos.py --- a/pylons_app/controllers/repos.py Thu Apr 08 11:29:14 2010 +0200 +++ b/pylons_app/controllers/repos.py Thu Apr 08 12:00:06 2010 +0200 @@ -6,6 +6,8 @@ from pylons_app.lib.base import BaseController, render from pylons_app.model import meta from pylons_app.model.db import Users, UserLogs +from pylons_app.lib.auth import authenticate + log = logging.getLogger(__name__) class ReposController(BaseController): @@ -13,6 +15,8 @@ # To properly map this controller, ensure your config/routing.py # file has a resource setup: # map.resource('repo', 'repos') + + @authenticate def __before__(self): c.staticurl = g.statics c.admin_user = session.get('admin_user') diff -r a699c0088344 -r 25e516447a33 pylons_app/controllers/users.py --- a/pylons_app/controllers/users.py Thu Apr 08 11:29:14 2010 +0200 +++ b/pylons_app/controllers/users.py Thu Apr 08 12:00:06 2010 +0200 
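Review bot: The added `from pylons_app.lib.auth import authenticate` in admin.py is not used by any line this commit adds to that file, and `AdminController.__before__` stays undecorated. If that is deliberate because this controller serves the login page that `authenticate` redirects to, a comment on `__before__` such as `# not wrapped in @authenticate: this controller hosts the login page` would record the decision, and the unused import can be dropped. The body of `__before__` may continue outside the hunk.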
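Review bot: With `@authenticate` placed on `__before__`, the decorator is, as far as the hunk shows, the only access check for every action of `ReposController`, and nothing in the code says so. A comment above it, e.g. `# all actions are admin-only; authenticate redirects when the session has no admin_user`, would keep a later override of `__before__` from silently dropping the check. The same applies to the `@authenticate` added to `UsersController.__before__` in users.py. The context line `c.admin_user = session.get('admin_user')` in both controllers still uses the `None` default, while admin.py was switched to `session.get('admin_user', False)` in this commit.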
@@ -7,7 +7,9 @@ from formencode import htmlfill from pylons_app.model import meta from pylons_app.model.db import Users, UserLogs +from pylons_app.lib.auth import authenticate import crypt + log = logging.getLogger(__name__) class UsersController(BaseController): @@ -16,6 +18,7 @@ # file has a resource setup: # map.resource('user', 'users') + @authenticate def __before__(self): c.staticurl = g.statics c.admin_user = session.get('admin_user') diff -r a699c0088344 -r 25e516447a33 pylons_app/lib/auth.py --- a/pylons_app/lib/auth.py Thu Apr 08 11:29:14 2010 +0200 +++ b/pylons_app/lib/auth.py Thu Apr 08 12:00:06 2010 +0200 @@ -4,7 +4,9 @@ from os.path import dirname as dn from datetime import datetime import crypt - +from pylons import session, url +from pylons.controllers.util import abort, redirect +from decorator import decorator log = logging.getLogger(__name__) ROOT = dn(dn(dn(os.path.realpath(__file__)))) @@ -60,9 +62,9 @@ cmd += "|" + qry try: - cur.execute('''INSERT INTO + cur.execute("""INSERT INTO user_logs - VALUES(?,?,?,?)''', + VALUES(?,?,?,?)""", (None, data[0], cmd, datetime.now())) conn.commit() except Exception as e: 
@@ -75,27 +77,34 @@ return False + +@decorator +def authenticate(fn, *args, **kwargs): + if not session.get('admin_user', False): + redirect(url('admin_home'), 301) + return fn(*args, **kwargs) + def create_user_table(): - ''' + """ Create a auth database - ''' + """ conn, cur = get_sqlite_conn_cur() try: log.info('creating table %s', 'users') - cur.execute('''DROP TABLE IF EXISTS users ''') - cur.execute('''CREATE TABLE users + cur.execute("""DROP TABLE IF EXISTS users """) + cur.execute("""CREATE TABLE users (user_id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT, password TEXT, active INTEGER, - admin INTEGER)''') + admin INTEGER)""") log.info('creating table %s', 'user_logs') - cur.execute('''DROP TABLE IF EXISTS user_logs ''') - cur.execute('''CREATE TABLE user_logs + cur.execute("""DROP TABLE IF EXISTS user_logs """) + cur.execute("""CREATE TABLE user_logs (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER, last_action TEXT, - last_action_date DATETIME)''') + last_action_date DATETIME)""") conn.commit() except: conn.rollback() @@ -108,7 +117,7 @@ password_crypt = crypt.crypt(password, '6a') log.info('creating user %s', username) try: - cur.execute('''INSERT INTO users values (?,?,?,?,?) ''', + cur.execute("""INSERT INTO users values (?,?,?,?,?) """, (None, username, password_crypt, 1, admin)) conn.commit() except:
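Review bot: `redirect(url('admin_home'), 301)` in `authenticate` answers an unauthenticated request with a permanent redirect. Browsers and intermediaries may cache a 301, so the protected URL can keep bouncing to `admin_home` after the user has logged in, and clients may replay a redirected POST as a GET. A temporary redirect fits a login bounce: `redirect(url('admin_home'))`, which defaults to 302 in Pylons. The decorator also lacks a docstring; one line stating that it gates on a truthy `admin_user` session key and otherwise redirects to `admin_home` would document the contract. `abort` is imported in this commit but not used in the visible hunks.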