2 authkit authorization permission objects for BlueChips
5 from authkit.authenticate import AddDictToEnviron
6 from authkit.authorize import NotAuthorizedError
7 from authkit.permissions import RequestPermission
9 from sqlalchemy.exceptions import InvalidRequestError
11 from bluechips import model
12 from bluechips.model import meta
14 class BlueChipUser(RequestPermission):
15 def check(self, app, environ, start_response):
16 if 'REMOTE_USER' not in environ:
17 raise NotAuthenticatedError('Not Authenticated')
19 environ['user'] = meta.Session.query(model.User).\
20 filter_by(username=environ['REMOTE_USER']).\
22 except InvalidRequestError:
23 raise NotAuthorizedError('You are not allowed access.')
24 return app(environ, start_response)
26 class DummyAuthenticate(AddDictToEnviron):
28 Set the authkit.authenticate environment variable so
29 authkit.authorize shuts up
31 def __init__(self, app):
32 super(DummyAuthenticate, self).__init__(app, {
33 'authkit.authenticate': True})
35 __all__ = ['BlueChipUser', 'DummyAuthenticate']