1 files changed, 43 insertions, 5 deletions

diff --git a/funcweb/funcweb/controllers.py b/funcweb/funcweb/controllers.py
index 0d74a50..df4c05c 100644
--- a/funcweb/funcweb/controllers.py
+++ b/funcweb/funcweb/controllers.py
@@ -1,18 +1,24 @@
 import logging
 log = logging.getLogger(__name__)
 
-from turbogears import controllers, expose, flash
+from turbogears import controllers, expose, flash, identity, redirect
 from func.overlord.client import Client
 
 class Root(controllers.RootController):
 
     @expose(template="funcweb.templates.minions")
-    def minions(self):
-        """ Return a list of our minions """
-        fc = Client("*")
+    @identity.require(identity.Any(
+        identity.from_host("127.0.0.1"), identity.not_anonymous()))
+    def minions(self, glob='*'):
+        """ Return a list of our minions that match a given glob """
+        fc = Client(glob)
         return dict(minions=fc.system.list_methods())
 
+    index = minions # start with our minion view, for now
+
     @expose(template="funcweb.templates.minion")
+    @identity.require(identity.Any(
+        identity.from_host("127.0.0.1"), identity.not_anonymous()))
     def minion(self, name, module=None, method=None):
         """ Display module or method details for a specific minion.
 
@@ -34,11 +40,43 @@ class Root(controllers.RootController):
                 return dict(modules=modules, module=module,
                             tg_template="funcweb.templates.module")
 
-    index = minions # start with our minion view, for now
 
     @expose(template="funcweb.templates.run")
+    @identity.require(identity.Any(
+        identity.from_host("127.0.0.1"), identity.not_anonymous()))
     def run(self, minion="*", module=None, method=None, arguments=''):
         fc = Client(minion)
         results = getattr(getattr(fc, module), method)(*arguments.split())
         cmd = "%s.%s.%s(%s)" % (minion, module, method, arguments)
         return dict(cmd=cmd, results=results)
+
+    @expose(template="funcweb.templates.login")
+    def login(self, forward_url=None, previous_url=None, *args, **kw):
+        from cherrypy import request, response
+        if not identity.current.anonymous \
+            and identity.was_login_attempted() \
+            and not identity.get_identity_errors():
+            raise redirect(forward_url)
+
+        forward_url=None
+        previous_url= request.path
+
+        if identity.was_login_attempted():
+            msg=_("The credentials you supplied were not correct or "
+                   "did not grant access to this resource.")
+        elif identity.get_identity_errors():
+            msg=_("You must provide your credentials before accessing "
+                   "this resource.")
+        else:
+            msg=_("Please log in.")
+            forward_url= request.headers.get("Referer", "/")
+
+        response.status=403
+        return dict(message=msg, previous_url=previous_url, logging_in=True,
+                    original_parameters=request.params,
+                    forward_url=forward_url)
+
+    @expose()
+    def logout(self):
+        identity.current.logout()
+        raise redirect("/")