from pylons_app.config.routing import make_map

from pylons_app.lib.auth import set_available_permissions

from pylons_app.model import init_model

import logging

import os

    set_available_permissions(config)

from pylons_app.lib.auth import LoginRequired, CheckPermissionAll

        self.available_permissions = None # propagated after init_model

from pylons import session, url, app_globals as g

def set_available_permissions(config):

    """

    This function will propagate pylons globals with all available defined

    permission given in db. We don't wannt to check each time from db for new 

    permissions since adding a new permission also requires application restart

    ie. to decorate new views with the newly created permission

    @param config:

    """

    from pylons_app.model.meta import Session

    from pylons_app.model.db import Permission

    logging.info('getting information about all available permissions')

    sa = Session()

    all_perms = sa.query(Permission).all()

    config['pylons.app_globals'].available_permissions = [x.permission_name for x in all_perms]

class PermsDecorator(object):

    def __init__(self, *perms):

        available_perms = g.available_permissions

        for perm in perms:

            if perm not in available_perms:

                raise Exception("'%s' permission in not defined" % perm)

        self.required_perms = set(perms)

        self.user_perms = set([])#propagate this list from somewhere.

    def __call__(self, func):        

        @wraps(func)

        def _wrapper(*args, **kwargs):

            logging.info('checking %s permissions %s for %s',

               self.__class__.__name__[-3:], self.required_perms, func.__name__)            

            if self.check_permissions():

                logging.info('Permission granted for %s', func.__name__)

                return func(*args, **kwargs)

            else:

                logging.warning('Permission denied for %s', func.__name__)

                #redirect with forbidden ret code

                return redirect(url('access_denied'), 403) 

        return _wrapper

    def check_permissions(self):

        """

        Dummy function for overiding

        """

        raise Exception('You have to write this function in child class')

class CheckPermissionAll(PermsDecorator):

    """

    Checks for access permission for all given predicates. All of them have to

    be meet in order to fulfill the request

    """

    def check_permissions(self):

        if self.required_perms.issubset(self.user_perms):

            return True

        return False

class CheckPermissionAny(PermsDecorator):

    """

    Checks for access permission for any of given predicates. In order to 

    fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms):

            return True

        return False

from os.path import dirname as dn, join as jn

from pylons_app.lib.auth import get_crypt_password

from pylons_app.model import init_model

from pylons_app.model.db import User, Permission

from pylons_app.model.meta import Session, Base

from sqlalchemy.engine import create_engine

    def create_permissions(self):

        perms = [('can_view_admin_users', 'Access to admin user view'),

                 ]

        for p in perms:

            new_perm = Permission()

            new_perm.permission_name = p[0]

            new_perm.permission_longname = p[1]

            try:

                self.sa.add(new_perm)

                self.sa.commit()

            except:

                self.sa.rollback()

                raise

    dbmanage.admin_prompt()

    dbmanage.create_permissions()  

    permission_longname = Column("permission_longname", TEXT(length=None, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    <div>

        <h2>Welcome ${c.admin_username}</h2>

		    <div id="user_log">

				${c.log_data}

			</div>

    </div>