Beispiel #1
 def _role_required(action, req, resp, handler, params, extra_params):
     """Reject the request unless the authenticated user holds ``role``.

     ``role`` is not a parameter; it is a free variable supplied by the
     enclosing scope, which is outside this snippet.

     Raises:
         falcon.HTTPForbidden: when the user record cannot be loaded or
             the record's ``roles`` list does not contain ``role``.
     """
     # Authentication runs first; presumably this is what populates
     # req.context['user'] -- confirm against login_required.
     login_required(action, req, resp, handler, params, extra_params)

     # The roles are taken from the stored user record, not from the
     # request context, so the check reflects what the database holds now.
     record = utils.get_by_id(handler.db, req.context['user']['_id'])
     denied = falcon.HTTPForbidden('Forbidden', 'Access denied')
     user = fail_if_none(record, denied)

     granted_roles = user.get('roles', [])
     if role in granted_roles:
         return
     # Same status and message as the missing-user case above.
     raise falcon.HTTPForbidden('Forbidden', 'Access denied')
Beispiel #2
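 def login(self, req, resp):
     """Check a username/password pair and answer with a token.

     OPTIONS requests return immediately; any method other than POST is
     rejected. On success ``req.context['result']`` holds ``{'token': ...}``
     built by ``utils.token_encode`` from the user's id, roles and username.

     Raises:
         falcon.HTTPMethodNotAllowed: for methods other than POST/OPTIONS.
         falcon.HTTPBadRequest: when the credentials do not match a user.
     """
     # The JSON middleware is driven by hand here; presumably it fills
     # req.context['doc'] from the request body -- confirm against JSON.
     _json_middleware = JSON()
     _json_middleware.process_resource(req, resp, True)
     if req.method == 'OPTIONS':
         return
     if req.method != 'POST':
         raise falcon.HTTPMethodNotAllowed(('POST', 'OPTIONS'))

     doc = req.context['doc']
     self.user_validate.validate(doc)

     # Unknown user and wrong password produce the same response, so the
     # endpoint does not disclose which usernames are registered.
     # NOTE(review): the unknown-user path still skips verify_password, so
     # response timing may differ between the two cases. No attempt
     # throttling is visible in this handler -- confirm it exists upstream.
     user = fail_if_none(
         utils.get_by_username(self.app.db, doc['username']),
         falcon.HTTPBadRequest('Bad request', 'Invalid username or password')
     )
     if not self.verify_password(doc['password'], user.get('password')):
         raise falcon.HTTPBadRequest('Bad request', 'Invalid username or password')

     # NOTE(review): the roles are copied into the token at login time.
     # Whether a later role change is honoured depends on the consumer
     # re-reading the user record rather than trusting this claim.
     req.context['result'] = {'token': utils.token_encode(
         {'_id': str(user['_id']), 'roles': user.get('roles', []), 'username': user['username']}
     )}
     _json_middleware.process_response(req, resp, True)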
Beispiel #3
def item_or_404(item):
    """Pass ``item`` to ``utils.fail_if_none`` with ``falcon.HTTPNotFound``.

    Returns whatever ``utils.fail_if_none`` returns. Presumably that is
    ``item`` itself when it is not None, and a 404 is raised otherwise --
    confirm against the helper.
    """
    # The exception class itself is handed over, not an instance.
    not_found = falcon.HTTPNotFound
    return utils.fail_if_none(item, not_found)