We have pie charts.

[bluechips.git] / bluechips / lib / permissions.py

diff --git a/bluechips/lib/permissions.py b/bluechips/lib/permissions.py
index 63c9c5c0241a495990bdd9ca4abe6aeba4391b36..2249726b8a554e264e79632e4b03654f130625ef 100644 (file)
--- a/bluechips/lib/permissions.py
+++ b/bluechips/lib/permissions.py
@@ -12,12 +12,22 @@ from bluechips.model import meta
 class BlueChipUser(RequestPermission):
     def check(self, app, environ, start_response):
         if 'REMOTE_USER' not in environ:
-            raise NotAuthenticatedError('Not Authenticated')
+            raise NotAuthenticatedError('Not Authenticated') # pragma: nocover
         environ['user'] = meta.Session.query(model.User).\
             filter_by(username=unicode(environ['REMOTE_USER'])).\
             first()
         if environ['user'] == None:
+            raise NotAuthorizedError('You are not allowed access.') # pragma: nocover
+        return app(environ, start_response)
+
+class BlueChipResident(RequestPermission):
+    def check(self, app, environ, start_response):
+        if 'user' not in environ:
+            raise NotAuthenticatedError('Not Authenticated')
+
+        if not getattr(environ['user'], 'resident', False):
             raise NotAuthorizedError('You are not allowed access.')
+
         return app(environ, start_response)
 
 class DummyAuthenticate(AddDictToEnviron):
@@ -33,4 +43,11 @@ class DummyAuthenticate(AddDictToEnviron):
             newenv['REMOTE_USER'] = app_conf['fake_username']
         super(DummyAuthenticate, self).__init__(app, newenv)
 
-__all__ = ['BlueChipUser', 'DummyAuthenticate']
+
+def authenticate(environ, username, password):
+    user = meta.Session.query(model.User).\
+            filter_by(username=unicode(username),
+                      password=unicode(password)).first()
+    return (user is not None)
+
+__all__ = ['BlueChipUser', 'DummyAuthenticate', 'authenticate']