Beispiel #1
0
        def authorize(self, doc_id):
            doc = Doc.by_id(doc_id)

            if doc is None:
                # return the empty set of permissions
                return DENY

            identity = User.by_id(self.user_id)

            # first, check if we're the project owner
            if doc.owner == identity:
                return WRITER

            acl = DBSession.query(ProjectACLEntry).filter(
                ProjectACLEntry.user == identity,
                ProjectACLEntry.project == doc.project
            ).first()

            if acl is None:
                return DENY

            return {
                ProjectACLEntry.READER: READER,
                ProjectACLEntry.WRITER: WRITER
            }.get(acl.level, DENY)
Beispiel #2
0
        def authenticate(self, request):
            session = self.session_factory(Request({
                "HTTP_COOKIE": str(request.cookies)
            }))

            user = User.by_id(session.get("identity_id", None))

            if user is None:
                return None

            return user.id