# Authorization middleware
from pkg_resources import EntryPoint
from repoze.who._compat import STRING_TYPES
def authenticated_predicate():
    """Build a predicate that accepts requests carrying an identity marker.

    The returned callable takes a WSGI ``environ`` and returns ``True`` when
    either ``REMOTE_USER`` or ``repoze.who.identity`` is present as a key.

    Only key *presence* is tested; the value is never inspected, so an
    empty ``REMOTE_USER`` still counts as authenticated.  The decision is
    therefore only as trustworthy as whatever layer populates ``environ``.
    NOTE(review): confirm the front-end server / upstream middleware never
    sets these keys for anonymous requests.
    """
    identity_keys = ('REMOTE_USER', 'repoze.who.identity')

    def _predicate(environ):
        # Membership test only -- see the docstring caveat about values.
        return any(key in environ for key in identity_keys)

    return _predicate
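class PredicateRestriction:
    """WSGI middleware that answers 401 unless a predicate accepts the request.

    ``predicate`` is a *factory*: it is called once, at construction time,
    with the extra keyword arguments, and must return a callable that takes
    the WSGI ``environ`` and returns a true value when the request may
    proceed to the wrapped application.
    """

    # Spellings of "off" honoured when ``enabled`` arrives as text (for
    # example from an ini-style deployment file, where every value is a
    # string and ``'false'`` would otherwise be truthy).
    _FALSE_STRINGS = ('false', 'no', 'off', '0')

    def __init__(self, app, predicate, enabled=True, **kw):
        """Wrap ``app`` and build the predicate.

        :param app: the downstream WSGI application.
        :param predicate: factory called as ``predicate(**kw)``.
        :param enabled: when false, every request is passed straight
            through.  Strings spelling false/no/off/0 (case-insensitive,
            surrounding whitespace ignored) are treated as ``False``; any
            other value is kept as given and judged by truthiness, so an
            empty string still switches the restriction off.
        :param kw: options forwarded to the predicate factory.
        """
        self.app = app
        # Duck-type the string check so text of any flavour is recognised
        # without needing a name from outside this class.
        lowered = getattr(enabled, 'lower', None)
        if lowered is not None and lowered().strip() in self._FALSE_STRINGS:
            enabled = False
        self.enabled = enabled
        options = kw.copy()
        self.predicate = predicate(**options)

    def __call__(self, environ, start_response):
        """Run the predicate; reply 401 with an empty body when it refuses."""
        if self.enabled and not self.predicate(environ):
            # Refused: the wrapped application is never invoked.  The
            # response carries no headers (no WWW-Authenticate challenge).
            start_response('401 Unauthorized', [])
            return []
        return self.app(environ, start_response)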
def make_authenticated_restriction(app, global_config, enabled=True):
    """Wrap ``app`` so that only requests with an identity marker get through.

    ``global_config`` is accepted but not used.  ``enabled`` is handed to
    ``PredicateRestriction`` exactly as received.
    NOTE(review): if this is called from an ini-style deployment file,
    ``enabled`` arrives as text -- confirm how the middleware interprets it.
    """
    return PredicateRestriction(
        app,
        predicate=authenticated_predicate,
        enabled=enabled,
    )
def make_predicate_restriction(app, global_config,
                               predicate, enabled=True, **kw):
    """Wrap ``app`` in a ``PredicateRestriction`` using a caller-chosen predicate.

    ``predicate`` may be a predicate factory, or a string naming one.  A
    string is parsed as the right-hand side of an entry-point specification
    and resolved, which imports the named module.  The name must therefore
    come only from trusted deployment configuration, never from request
    data.  ``global_config`` is accepted but not used; extra keyword
    arguments are forwarded to the predicate factory.
    """
    if isinstance(predicate, STRING_TYPES):
        # 'x' is a throwaway entry-point name; only the target matters.
        spec = 'x=%s' % predicate
        predicate = EntryPoint.parse(spec).resolve()
    return PredicateRestriction(app, predicate, enabled, **kw)