2 authkit authorization permission objects for BlueChips
5 from authkit.authenticate import AddDictToEnviron
6 from authkit.authorize import NotAuthenticatedError, NotAuthorizedError
7 from authkit.permissions import RequestPermission
9 from bluechips import model
10 from bluechips.model import meta
12 class BlueChipUser(RequestPermission):
13 def check(self, app, environ, start_response):
14 if 'REMOTE_USER' not in environ:
15 raise NotAuthenticatedError('Not Authenticated') # pragma: nocover
16 environ['user'] = meta.Session.query(model.User).\
17 filter_by(username=unicode(environ['REMOTE_USER'])).\
19 if environ['user'] == None:
20 raise NotAuthorizedError('You are not allowed access.') # pragma: nocover
21 return app(environ, start_response)
23 class BlueChipResident(RequestPermission):
24 def check(self, app, environ, start_response):
25 if 'user' not in environ:
26 raise NotAuthenticatedError('Not Authenticated')
28 if not getattr(environ['user'], 'resident', False):
29 raise NotAuthorizedError('You are not allowed access.')
31 return app(environ, start_response)
33 class DummyAuthenticate(AddDictToEnviron):
35 Set the authkit.authenticate environment variable so
36 authkit.authorize shuts up
38 def __init__(self, app, app_conf):
40 newenv['authkit.authenticate'] = True
41 newenv['authkit.config'] = {'setup.enable': True}
42 if 'fake_username' in app_conf:
43 newenv['REMOTE_USER'] = app_conf['fake_username']
44 super(DummyAuthenticate, self).__init__(app, newenv)
47 def authenticate(environ, username, password):
48 user = meta.Session.query(model.User).\
49 filter_by(username=unicode(username),
50 password=unicode(password)).first()
51 return (user is not None)
53 __all__ = ['BlueChipUser', 'DummyAuthenticate', 'authenticate']