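def authorize(self, doc_id):
    """Return the permission level the current user holds on a document.

    Args:
        doc_id: Identifier handed to ``Doc.by_id`` to load the document.

    Returns:
        ``WRITER`` when the resolved user equals ``doc.owner``; otherwise
        ``READER`` or ``WRITER`` as mapped from the user's
        ``ProjectACLEntry`` for the document's project; ``DENY`` when the
        document or the user cannot be resolved, when no ACL entry exists,
        or when the entry's level is not one of the two mapped levels.
    """
    doc = Doc.by_id(doc_id)
    if doc is None:
        # Unknown document: return the empty set of permissions.
        return DENY

    identity = User.by_id(self.user_id)
    if identity is None:
        # Fail closed when self.user_id does not resolve to a user.
        # Without this guard, None would be compared against doc.owner
        # (equal if the document has no owner set, which would yield WRITER)
        # and would also be used as the user filter in the ACL query below.
        return DENY

    # First, check whether the caller is the document's owner.
    if doc.owner == identity:
        return WRITER

    acl = DBSession.query(ProjectACLEntry).filter(
        ProjectACLEntry.user == identity,
        ProjectACLEntry.project == doc.project
    ).first()
    if acl is None:
        return DENY

    # Map the stored ACL level to a permission; any level that is not
    # explicitly listed is treated as DENY rather than passed through.
    return {
        ProjectACLEntry.READER: READER,
        ProjectACLEntry.WRITER: WRITER
    }.get(acl.level, DENY)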
def authenticate(self, request):
    """Resolve the user id bound to the session cookie of *request*.

    A fresh ``Request`` carrying only the caller's cookies (as the
    ``HTTP_COOKIE`` entry) is handed to ``self.session_factory``; the
    ``identity_id`` stored in the resulting session is then looked up with
    ``User.by_id``.

    Returns:
        The matching user's ``id``, or ``None`` when no user is found.
    """
    # Only the cookie header is forwarded; nothing else from the incoming
    # request reaches the session factory.
    cookie_environ = {"HTTP_COOKIE": str(request.cookies)}
    session = self.session_factory(Request(cookie_environ))

    # NOTE(review): the identity is taken as-is from the session contents,
    # so this relies on session_factory rejecting forged or tampered
    # cookies - confirm against the session factory's configuration.
    identity_id = session.get("identity_id", None)
    account = User.by_id(identity_id)
    return None if account is None else account.id