import logging
from bluechips.lib.base import *
+from bluechips.lib.permissions import BlueChipResident
import sqlalchemy
from sqlalchemy import orm
+from authkit.authorize.pylons_adaptors import authorize
+
from pylons import request
from pylons.decorators import validate
from pylons.decorators.secure import authenticate_form
h.flash("Updated email address to '%s'." % new_email)
return h.redirect_to('/')
+ @authorize(BlueChipResident())
def new(self):
c.title = 'Register a New User'
return render('/user/new.mako')
@authenticate_form
+ @authorize(BlueChipResident())
@validate(schema=NewUserSchema(), form='new')
def create(self):
u = model.User(username=self.form_result['username'],
raise NotAuthorizedError('You are not allowed access.') # pragma: nocover
return app(environ, start_response)
+class BlueChipResident(RequestPermission):
+ def check(self, app, environ, start_response):
+ if 'user' not in environ:
+ raise NotAuthenticatedError('Not Authenticated')
+
+ if not getattr(environ['user'], 'resident', False):
+ raise NotAuthorizedError('You are not allowed access.')
+
+ return app(environ, start_response)
+
class DummyAuthenticate(AddDictToEnviron):
"""
Set the authkit.authenticate environment variable so