path: root/manas/lib/base.py
blob: ab08511200e8069adae7ac7143749320a450fc0c (plain)
"""The base Controller API

Provides the BaseController class for subclassing.
"""
from tg import TGController, tmpl_context
from pylons.templating import render_genshi as render
from pylons import request

import manas.model as model

from pylons.i18n import _, ungettext, N_
from tw.api import WidgetBunch

class Controller(object):
    """Common base class for the controllers of a web application.

    The original description says this class offers positional-parameter
    handling through a standard ``default`` method.

    NOTE(review): the class body defines no methods, so that ``default``
    method is not provided here. Confirm whether it lives elsewhere or
    whether the description is stale.
    """

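class BaseController(TGController):
    """Base class for the root of a web application.

    Your web application should have one of these. The root of
    your application is used to compute URLs used by your app.
    """

    def __call__(self, environ, start_response):
        """Invoke the Controller.

        Publishes the repoze.who identity from the request environ as
        ``tmpl_context.identity``, delegates the request to
        ``TGController.__call__`` and always removes the database session
        afterwards.

        :param environ: WSGI environ of the current request.
        :param start_response: WSGI ``start_response`` callable.
        :returns: whatever ``TGController.__call__`` returns.
        """
        # TGController.__call__ dispatches to the Controller method
        # the request is routed to. This routing information is
        # available in environ['pylons.routes_dict']
        try:
            # The identity must be published before dispatch. This assignment
            # used to sit after the try/finally, behind the ``return``, so it
            # never ran and ``tmpl_context.identity`` was never set.
            # The value is None when the 'repoze.who.identity' key is absent.
            # It is only made available to templates here; access decisions
            # stay with the controller-level checks.
            tmpl_context.identity = request.environ.get('repoze.who.identity')
            return TGController.__call__(self, environ, start_response)
        finally:
            # After everything is done, clear out the database session to
            # eliminate possible cross-request DBSession pollution.
            model.DBSession.remove()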
        
class SecureController(BaseController):
    """Controller whose access is gated by one controller-level predicate.

    Written for the tg.ext.repoze.who plugin. A subclass protects the whole
    controller by setting a ``require`` attribute. ``check_security`` calls
    ``require.eval_with_object(identity, errors)`` and treats a truthy
    result as "allowed", anything else as "denied".

    Security note: the check fails open. A controller that has no
    ``require`` attribute, or whose ``require`` is ``None``, is reported as
    allowed for every request without the identity being consulted.
    Subclasses that are meant to be protected must therefore always define
    ``require``.
    """

    def check_security(self):
        """Return True when the current request may use this controller.

        The identity is taken from ``request.environ`` under the
        ``'repoze.who.identity'`` key and is ``None`` when that key is
        absent.

        :returns: ``True`` if no predicate is configured or the predicate
            evaluates truthy, ``False`` otherwise.
        """
        # NOTE(review): the caller of check_security is not visible here;
        # confirm that a False result is turned into a denied response.
        denial_reasons = []
        who_identity = request.environ.get('repoze.who.identity')

        # Fail-open branches: no predicate configured means access granted.
        if not hasattr(self, "require"):
            return True
        if self.require is None:
            return True

        # The predicate may append its reasons to denial_reasons.
        # TODO: do something with the collected reasons, like informing the
        # user. They are currently discarded, so denials leave no trace here.
        if self.require.eval_with_object(who_identity, denial_reasons):
            return True

        # Reaching this point means the predicate rejected the identity.
        return False