blob: ab08511200e8069adae7ac7143749320a450fc0c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
"""The base Controller API
Provides the BaseController class for subclassing.
"""
from tg import TGController, tmpl_context
from pylons.templating import render_genshi as render
from pylons import request
import manas.model as model
from pylons.i18n import _, ungettext, N_
from tw.api import WidgetBunch
class Controller(object):
"""Base class for a web application's controller.
Currently, this provides positional parameters functionality
via a standard default method.
"""
class BaseController(TGController):
"""Base class for the root of a web application.
Your web application should have one of these. The root of
your application is used to compute URLs used by your app.
"""
def __call__(self, environ, start_response):
"""Invoke the Controller"""
# TGController.__call__ dispatches to the Controller method
# the request is routed to. This routing information is
# available in environ['pylons.routes_dict']
try:
return TGController.__call__(self, environ, start_response)
finally:
#after everything is done clear out the Database Session
#to eliminate possible cross request DBSession polution.
model.DBSession.remove()
tmpl_context.identity = request.environ.get('repoze.who.identity')
class SecureController(BaseController):
"""this is a SecureController implementation for the
tg.ext.repoze.who plugin.
it will permit to protect whole controllers with a single predicate
placed at the controller level.
The only thing you need to have is a 'require' attribute which must
be a callable. This callable will only be authorized to return True
if the user is allowed and False otherwise. This may change to convey info
when securecontroller is fully debugged...
"""
def check_security(self):
errors = []
environ = request.environ
identity = environ.get('repoze.who.identity')
if not hasattr(self, "require") or \
self.require is None or \
self.require.eval_with_object(identity, errors):
return True
# if we did not return this is an error :)
# TODO: do something with the errors variable like informing our user...
return False
|