X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=bluechips%2Flib%2Fpermissions.py;h=2249726b8a554e264e79632e4b03654f130625ef;hb=91c2916731b30a0c43a2259dad2228c51421a06c;hp=0da8687faa3b313867f1109f20e62bef2eeb69cb;hpb=3289d76766f1ee271617ed0ce9f84343ba72318b;p=bluechips.git diff --git a/bluechips/lib/permissions.py b/bluechips/lib/permissions.py index 0da8687..2249726 100644 --- a/bluechips/lib/permissions.py +++ b/bluechips/lib/permissions.py @@ -3,24 +3,31 @@ authkit authorization permission objects for BlueChips """ from authkit.authenticate import AddDictToEnviron -from authkit.authorize import NotAuthorizedError +from authkit.authorize import NotAuthenticatedError, NotAuthorizedError from authkit.permissions import RequestPermission -from sqlalchemy.exceptions import InvalidRequestError - from bluechips import model from bluechips.model import meta class BlueChipUser(RequestPermission): def check(self, app, environ, start_response): if 'REMOTE_USER' not in environ: + raise NotAuthenticatedError('Not Authenticated') # pragma: nocover + environ['user'] = meta.Session.query(model.User).\ + filter_by(username=unicode(environ['REMOTE_USER'])).\ + first() + if environ['user'] == None: + raise NotAuthorizedError('You are not allowed access.') # pragma: nocover + return app(environ, start_response) + +class BlueChipResident(RequestPermission): + def check(self, app, environ, start_response): + if 'user' not in environ: raise NotAuthenticatedError('Not Authenticated') - try: - user = meta.Session.query(model.User).\ - filter_by(username=environ['REMOTE_USER']).\ - one() - except InvalidRequestError: + + if not getattr(environ['user'], 'resident', False): raise NotAuthorizedError('You are not allowed access.') + return app(environ, start_response) class DummyAuthenticate(AddDictToEnviron): 
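Review bot: Both failure branches added to `BlueChipUser.check` carry `# pragma: nocover`, so the paths that reject an unauthenticated or unknown user are excluded from coverage and could regress unnoticed; drop the pragmas and add tests that reach each `raise`. The lookup also moved from `.one()` to `.first()`, which silently takes a row if two users share a username, so it now relies on a unique constraint on `username` that is not visible in this hunk. `if environ['user'] == None:` should read `if environ['user'] is None:`. `BlueChipResident.check` trusts whatever is stored under the un-namespaced `environ['user']` key and only works when `BlueChipUser` has already run; a docstring stating that ordering, or a namespaced key such as `bluechips.user`, would make the dependency explicit.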
@@ -28,8 +35,19 @@ class DummyAuthenticate(AddDictToEnviron): Set the authkit.authenticate environment variable so authkit.authorize shuts up """ - def __init__(self, app): - super(DummyAuthenticate, self).__init__(app, { - 'authkit.authenticate': True}) + def __init__(self, app, app_conf): + newenv = {} + newenv['authkit.authenticate'] = True + newenv['authkit.config'] = {'setup.enable': True} + if 'fake_username' in app_conf: + newenv['REMOTE_USER'] = app_conf['fake_username'] + super(DummyAuthenticate, self).__init__(app, newenv) + + +def authenticate(environ, username, password): + user = meta.Session.query(model.User).\ + filter_by(username=unicode(username), + password=unicode(password)).first() + return (user is not None) -__all__ = ['BlueChipUser', 'DummyAuthenticate'] +__all__ = ['BlueChipUser', 'DummyAuthenticate', 'authenticate']
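Review bot: `authenticate` matches the submitted password against the `password` column inside the query (`filter_by(..., password=unicode(password))`), which suggests passwords are stored and compared in clear text; the model is not visible here, so confirm. Prefer looking the user up with `filter_by(username=unicode(username)).first()` alone and then verifying the password against a salted, slow hash (for example `hashlib.pbkdf2_hmac`) with `hmac.compare_digest`. Separately, `DummyAuthenticate.__init__` puts `app_conf['fake_username']` into `REMOTE_USER`, apparently for every request, so authentication is skipped entirely if that key ever reaches a production config. Gate it on an explicit debug/test setting and add a comment such as `# fake_username: development/testing only; never set in a production config`.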