X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=bluechips%2Flib%2Fpermissions.py;h=2249726b8a554e264e79632e4b03654f130625ef;hb=91c2916731b30a0c43a2259dad2228c51421a06c;hp=4a30fdc3e0c66b59ab27bc7b866aa1b6eb276ca4;hpb=a59d19c0581702321ebb6f89ab20f158cdc9d7bc;p=bluechips.git

diff --git a/bluechips/lib/permissions.py b/bluechips/lib/permissions.py
index 4a30fdc..2249726 100644
--- a/bluechips/lib/permissions.py
+++ b/bluechips/lib/permissions.py
@@ -20,6 +20,16 @@ class BlueChipUser(RequestPermission):
             raise NotAuthorizedError('You are not allowed access.') # pragma: nocover
         return app(environ, start_response)
 
+class BlueChipResident(RequestPermission):
+    def check(self, app, environ, start_response):
+        if 'user' not in environ:
+            raise NotAuthenticatedError('Not Authenticated')
+
+        if not getattr(environ['user'], 'resident', False):
+            raise NotAuthorizedError('You are not allowed access.')
+
+        return app(environ, start_response)
+
 class DummyAuthenticate(AddDictToEnviron):
     """
     Set the authkit.authenticate environment variable so
@@ -33,4 +43,11 @@ class DummyAuthenticate(AddDictToEnviron):
             newenv['REMOTE_USER'] = app_conf['fake_username']
         super(DummyAuthenticate, self).__init__(app, newenv)
 
-__all__ = ['BlueChipUser', 'DummyAuthenticate']
+
+def authenticate(environ, username, password):
+    user = meta.Session.query(model.User).\
+            filter_by(username=unicode(username),
+                      password=unicode(password)).first()
+    return (user is not None)
+
+__all__ = ['BlueChipUser', 'DummyAuthenticate', 'authenticate']