
Source Code for Module eggbasket.permissions

# -*- coding: UTF-8 -*-

# Public API of this module: only the permission predicate is exported.
__all__ = [
    'has_permission'
]

# NOTE(review): logging is imported but not used in the code visible here.
import logging

# tgconf supplies the configured names of the extra groups;
# tgid supplies the predicate base classes.
import turbogears.config as tgconf
import turbogears.identity as tgid

# model.Group is queried to turn group names into group objects.
from eggbasket import model
class has_permission(tgid.Predicate, tgid.IdentityPredicateHelper):
    """Checks if user attached to current identity has given permission.

    This extends the standard ``identity.has_permission`` predicate: it
    allows extra groups to be defined for anonymous users (named
    "anonymous" by default) and for all authenticated users
    ("authenticated"), and permissions attached to those groups are granted
    to the corresponding users.

    The names of the extra groups are set in the configuration with
    ``identity.anonymous_groups`` and ``identity.authenticated_groups``
    respectively. Both settings expect a list of group names. Appropriately
    named groups must be created in the database. If they are missing the
    check still works, but no extra permissions are added, so it always
    fails for anonymous users.

    Because these groups apply to whole classes of users, their permission
    lists and the two configuration keys are part of the access policy:
    anything attached to an "anonymous" group is granted to unauthenticated
    requests.

    """

    # Default denial message; the ``%(permission_name)s`` placeholder is
    # presumably filled in by the predicate helper -- TODO confirm.
    error_message= "Permission denied: %(permission_name)s"
32 - def __init__(self, permission_name, error_message=None):
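    def eval_with_object(self, identity, errors=None):
        """Decide whether ``identity`` holds ``self.permission_name``.

        The identity's own permissions are merged with those of the extra
        groups configured for its kind of user:
        ``identity.anonymous_groups`` (default ``[u'anonymous']``) when
        ``identity.anonymous`` is true, otherwise
        ``identity.authenticated_groups`` (default ``[u'authenticated']``).

        Configured group names that match no ``model.Group`` row contribute
        nothing, so a missing or misspelled group narrows access rather
        than widening it.

        :param identity: identity object; its ``anonymous`` and
            ``permissions`` attributes are read.
        :param errors: passed to ``append_error_message`` on denial.
        :returns: ``True`` if the permission is granted, else ``False``.
        """
        if identity.anonymous:
            group_names = tgconf.get('identity.anonymous_groups',
                [u'anonymous'])
        else:
            group_names = tgconf.get('identity.authenticated_groups',
                [u'authenticated'])

        # Start from what the identity already holds.
        permissions = set(identity.permissions)

        # An empty setting means no extra groups: skip the database lookup
        # and grant nothing beyond the identity's own permissions.
        if group_names:
            # Turn group names into model.Group objects
            extra_groups = model.Group.query().filter(
                model.Group.c.group_name.in_(group_names)).all()
            # Add the permissions of each extra group. A plain loop replaces
            # the original list comprehension, which was run only for its
            # side effect and built a throwaway list of None values.
            for group in extra_groups:
                permissions.update(
                    p.permission_name for p in group.permissions)

        # Exact string match against the merged permission names.
        if self.permission_name in permissions:
            return True

        self.append_error_message(errors)
        return False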