Changeset - 16253f330094
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Marcin Kuzminski - 15 years ago 2010-08-25 18:15:50
marcin@python-works.com
fixes #30. Rewrite default permissions query + some other small fixes
1 file changed with 11 insertions and 9 deletions:
pylons_app/lib/auth.py
11
9
0 comments (0 inline, 0 general)
pylons_app/lib/auth.py
Show inline comments
 
@@ -96,140 +96,142 @@ def set_available_permissions(config):
 
    @param config:
 
    """
 
    log.info('getting information about all available permissions')
 
    try:
 
        sa = meta.Session
 
        all_perms = sa.query(Permission).all()
 
    finally:
 
        meta.Session.remove()
 
 
    config['available_permissions'] = [x.permission_name for x in all_perms]
 

			




	
	
	
		
 
def set_base_path(config):

			




	
	
	
		
 
    config['base_path'] = config['pylons.app_globals'].base_path

			




	
	
	
		
 

			




	
	
	
		
 
def fill_data(user):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Fills user data with those from database and log out user if not present

			




	
	
	
		
 
    in database

			




	
	
	
		
 
    @param user:

			




	
	
	
		
 
    """

			




	
	
	
		
 
    sa = meta.Session

			




	
	
	
		
 
    dbuser = sa.query(User).get(user.user_id)

			




	
	
	
		
 
    if dbuser:

			




	
	
	
		
 
        user.username = dbuser.username

			




	
	
	
		
 
        user.is_admin = dbuser.admin

			




	
	
	
		
 
        user.name = dbuser.name

			




	
	
	
		
 
        user.lastname = dbuser.lastname

			




	
	
	
		
 
        user.email = dbuser.email

			




	
	
	
		
 
    else:

			




	
	
	
		
 
        user.is_authenticated = False

			




	
	
	
		
 
    meta.Session.remove()

			




	
	
	
		
 
    from pprint import pprint

			




	
	
	
		
 
    pprint(user.permissions)

			




	
	
	
		
 
    return user

			




	
	
	
		
 
            

			




	
	
	
		
 
def fill_perms(user):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Fills user permission attribute with permissions taken from database

			




	
	
	
		
 
    @param user:

			




	
	
	
		
 
    """

			




	
	
	
		
 
    

			




	
	
	
		
 
    sa = meta.Session

			




	
	
	
		
 
    user.permissions['repositories'] = {}

			




	
	
	
		
 
    user.permissions['global'] = set()

			




	
	
	
		
 
    

			




	
	
	
		
 
    #===========================================================================

			




	
	
	
		
 
    # fetch default permissions

			




	
	
	
		
 
    #===========================================================================

			




	
	
	
		
 
    default_perms = sa.query(RepoToPerm, UserToPerm, Repository, Permission)\

			




	
	
	
		
 
        .outerjoin((UserToPerm, RepoToPerm.user_id == UserToPerm.user_id))\

			




	
	
	
		
 
    default_perms = sa.query(RepoToPerm, Repository, Permission)\

			




	
	
	
		
 
        .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

			




	
	
	
		
 
        .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
        .filter(RepoToPerm.user_id == sa.query(User).filter(User.username == 

			




	
	
	
		
 
                                            'default').one().user_id).all()

			




	
	
	
		
 
        .filter(RepoToPerm.user == sa.query(User).filter(User.username == 

			




	
	
	
		
 
                                            'default').scalar()).all()

			




	
	
	
		
 
                                            

			




	
	
	
		
 
    if user.is_admin:

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        # #admin have all rights set to admin        

			




	
	
	
		
 
        # #admin have all default rights set to admin        

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        user.permissions['global'].add('hg.admin')

			




	
	
	
		
 
        

			




	
	
	
		
 
        for perm in default_perms:

			




	
	
	
		
 
            p = 'repository.admin'

			




	
	
	
		
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

			




	
	
	
		
 
    

			




	
	
	
		
 
    else:

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        # set default permissions

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        

			




	
	
	
		
 
        #default global

			




	
	
	
		
 
        for perm in default_perms:

			




	
	
	
		
 
            user.permissions['global'].add(perm.UserToPerm.permission.permission_name)

			




	
	
	
		
 
        default_global_perms = sa.query(UserToPerm)\

			




	
	
	
		
 
            .filter(UserToPerm.user == sa.query(User).filter(User.username == 

			




	
	
	
		
 
            'default').one())

			




	
	
	
		
 
        

			




	
	
	
		
 
        for perm in default_global_perms:

			




	
	
	
		
 
            user.permissions['global'].add(perm.permission.permission_name)

			




	
	
	
		
 
                    

			




	
	
	
		
 
        #default repositories

			




	
	
	
		
 
        for perm in default_perms:

			




	
	
	
		
 
            if perm.Repository.private and not perm.Repository.user_id == user.user_id:

			




	
	
	
		
 
                #disable defaults for private repos,

			




	
	
	
		
 
                p = 'repository.none'

			




	
	
	
		
 
            elif perm.Repository.user_id == user.user_id:

			




	
	
	
		
 
                #set admin if owner

			




	
	
	
		
 
                p = 'repository.admin'

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 
                

			




	
	
	
		
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

			




	
	
	
		
 
                                                

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        # #overwrite default with user permissions if any

			




	
	
	
		
 
        #=======================================================================

			




	
	
	
		
 
        user_perms = sa.query(RepoToPerm, UserToPerm, Permission, Repository)\

			




	
	
	
		
 
            .outerjoin((UserToPerm, RepoToPerm.user_id == UserToPerm.user_id))\

			




	
	
	
		
 
        user_perms = sa.query(RepoToPerm, Permission, Repository)\

			




	
	
	
		
 
            .join((Repository, RepoToPerm.repository_id == Repository.repo_id))\

			




	
	
	
		
 
            .join((Permission, RepoToPerm.permission_id == Permission.permission_id))\

			




	
	
	
		
 
            .filter(RepoToPerm.user_id == user.user_id).all()

			




	
	
	
		
 
            

			




	
	
	
		
 
        for perm in user_perms:

			




	
	
	
		
 
            if perm.Repository.user_id == user.user_id:#set admin if owner

			




	
	
	
		
 
                p = 'repository.admin'

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                p = perm.Permission.permission_name

			




	
	
	
		
 
            user.permissions['repositories'][perm.RepoToPerm.repository.repo_name] = p

			




	
	
	
		
 
    meta.Session.remove()         

			




	
	
	
		
 
    return user

			




	
	
	
		
 
    

			




	
	
	
		
 
def get_user(session):

			




	
	
	
		
 
    """

			




	
	
	
		
 
    Gets user from session, and wraps permissions into user

			




	
	
	
		
 
    @param session:

			




	
	
	
		
 
    """

			




	
	
	
		
 
    user = session.get('hg_app_user', AuthUser())

			




	
	
	
		
 
    if user.is_authenticated:

			




	
	
	
		
 
        user = fill_data(user)

			




	
	
	
		
 
    user = fill_perms(user)

			




	
	
	
		
 
    session['hg_app_user'] = user

			




	
	
	
		
 
    session.save()

			




	
	
	
		
 
    return user

			




	
	
	
		
 
        

			




	
	
	
		
 
#===============================================================================

			




	
	
	
		
 
# CHECK DECORATORS

			




	
	
	
		
 
#===============================================================================

			




	
	
	
		
 
class LoginRequired(object):

			




	
	
	
		
 
    """Must be logged in to execute this function else redirect to login page"""

			




	
	
	
		
 
   

			




	
	
	
		
 
    def __call__(self, func):

			




	
	
	
		
 
        return decorator(self.__wrapper, func)

			




	
	
	
		
 
    

			




	
	
	
		
 
    def __wrapper(self, func, *fargs, **fkwargs):

			




	
	
	
		
 
        user = session.get('hg_app_user', AuthUser())

			




	
	
	
		
 
        log.debug('Checking login required for user:%s', user.username)

			




	
	
	
		
 
        if user.is_authenticated:

			




	
	
	
		
 
            log.debug('user %s is authenticated', user.username)

			




	
	
	
		
 
            return func(*fargs, **fkwargs)

			




	
	
	
		
 
        else:

			




	
	
	
		
 
            log.warn('user %s not authenticated', user.username)

			




	
	
	
		
 
            log.debug('redirecting to login page')

			




	
	
	
		
 
            return redirect(url('login_home'))

			




	
	
	
		
 

			




	
	
	
		
 
class PermsDecorator(object):

			




	
	
	
		
 
    """Base class for decorators"""

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.