| commit | author | age | ||
| cad90d | 1 | # Authorization middleware |
| TS | 2 | from pkg_resources import EntryPoint |
| 3 | ||
| 9df42f | 4 | from repoze.who._compat import STRING_TYPES |
| TS | 5 | |
| cad90d | 6 | def authenticated_predicate(): |
| TS | 7 | def _predicate(environ): |
| 8 | return 'REMOTE_USER' in environ or 'repoze.who.identity' in environ | |
| 9 | return _predicate | |
| 10 | ||
| 11 | class PredicateRestriction: | |
| 12 | ||
| 13 | def __init__(self, app, predicate, enabled=True, **kw): | |
| 14 | self.app = app | |
| 15 | self.enabled = enabled | |
| 16 | options = kw.copy() | |
| 17 | self.predicate = predicate(**options) | |
| 18 | ||
| 19 | def __call__(self, environ, start_response): | |
| 20 | if self.enabled: | |
| 21 | if not self.predicate(environ): | |
| 5b6365 | 22 | start_response('401 Unauthorized', []) |
| cad90d | 23 | return [] |
| TS | 24 | return self.app(environ, start_response) |
| 25 | ||
| 26 | def make_authenticated_restriction(app, global_config, enabled=True): | |
| 27 | return PredicateRestriction(app, authenticated_predicate, enabled) | |
| 28 | ||
| 29 | def make_predicate_restriction(app, global_config, | |
| 30 | predicate, enabled=True, **kw): | |
| 9df42f | 31 | if isinstance(predicate, STRING_TYPES): |
| 49809a | 32 | predicate = EntryPoint.parse('x=%s' % predicate).resolve() |
| cad90d | 33 | return PredicateRestriction(app, predicate, enabled, **kw) |
