# Authorization middleware
from pkg_resources import EntryPoint |
from repoze.who._compat import STRING_TYPES |
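def authenticated_predicate():
    """Build a predicate that reports whether a WSGI request is authenticated.

    Takes no options. The returned callable accepts the WSGI ``environ``
    and returns ``True`` when ``REMOTE_USER`` or ``repoze.who.identity``
    is present as a key, ``False`` otherwise.
    """
    marker_keys = ('REMOTE_USER', 'repoze.who.identity')

    def _predicate(environ):
        # NOTE(review): this tests key presence only, so an empty
        # REMOTE_USER value still counts as authenticated. Confirm that
        # whatever populates environ omits the key for anonymous requests
        # rather than setting it to ''.
        return any(key in environ for key in marker_keys)

    return _predicate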
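class PredicateRestriction:
    """WSGI middleware that answers 401 unless a predicate accepts the request."""

    def __init__(self, app, predicate, enabled=True, **kw):
        """Wrap *app* behind the predicate built by the *predicate* factory.

        ``predicate`` is called once, here, with the extra keyword options;
        its return value is the per-request check, called with ``environ``.
        """
        self.app = app
        # NOTE(review): ``enabled`` is stored unconverted and later used as
        # a plain truth test. If a caller passes configuration text such as
        # the string 'false', it is truthy and the restriction stays on.
        # Confirm how callers supply this value.
        self.enabled = enabled
        # Hand the factory its own copy of the options.
        self.predicate = predicate(**dict(kw))

    def __call__(self, environ, start_response):
        """Serve the wrapped app, or a bare 401 when the predicate rejects."""
        if self.enabled and not self.predicate(environ):
            # The rejection carries no headers (so no WWW-Authenticate) and
            # no body. NOTE(review): presumably an outer layer turns this
            # 401 into a challenge; confirm against the deployment.
            start_response('401 Unauthorized', [])
            return []
        return self.app(environ, start_response)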
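def make_authenticated_restriction(app, global_config, enabled=True):
    """Wrap *app* so that only authenticated requests reach it.

    ``global_config`` is accepted but not used here.

    NOTE(review): ``enabled`` is forwarded unconverted. If the deployment
    configuration delivers it as text (for example the string 'false'), it
    is truthy and the restriction stays active. Confirm how it is supplied.
    """
    restriction = PredicateRestriction(app, authenticated_predicate, enabled)
    return restriction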
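def make_predicate_restriction(app, global_config,
                               predicate, enabled=True, **kw):
    """Wrap *app* behind a caller-chosen predicate factory.

    ``predicate`` is either a callable factory or a string naming one in
    entry-point syntax (the text is placed after ``x=`` and parsed). Extra
    keyword options are forwarded to the factory. ``global_config`` is
    accepted but not used here.

    NOTE(review): ``enabled`` is forwarded unconverted; a text value such
    as 'false' is truthy and leaves the restriction active. Confirm how it
    is supplied.
    """
    if isinstance(predicate, STRING_TYPES):
        # Resolving the name imports the target module and runs its
        # top-level code, so the string must come from trusted deployment
        # configuration, never from request data.
        entry_point = EntryPoint.parse('x=%s' % predicate)
        predicate = entry_point.resolve()
    return PredicateRestriction(app, predicate, enabled, **kw)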