def view_execution_permitted(context, request, name=''):
""" If the view specified by ``context`` and ``name`` is protected
by a :term:`permission`, check the permission associated with the
view using the effective authentication/authorization policies and
the ``request``. Return a boolean result. If no
:term:`authorization policy` is in effect, or if the view is not
protected by a permission, return ``True``. If no view can view found,
an exception will be raised.
.. versionchanged:: 1.4a4
An exception is raised if no view is found.
"""
try:
reg = request.registry
except AttributeError:
reg = get_current_registry() # b/c
provides = [IViewClassifier] + map_(providedBy, (request, context))
view = reg.adapters.lookup(provides, ISecuredView, name=name)
if view is None:
view = reg.adapters.lookup(provides, IView, name=name)
if view is None:
raise TypeError('No registered view satisfies the constraints. '
'It would not make sense to claim that this view '
'"is" or "is not" permitted.')
return Allowed(
'Allowed: view name %r in context %r (no permission defined)' %
(name, context))
return view.__permitted__(context, request)
def view_execution_permitted(context, request, name=''):
""" If the view specified by ``context`` and ``name`` is protected
by a :term:`permission`, check the permission associated with the
view using the effective authentication/authorization policies and
the ``request``. Return a boolean result. If no
:term:`authorization policy` is in effect, or if the view is not
protected by a permission, return ``True``. If no view can view found,
an exception will be raised.
.. versionchanged:: 1.4a4
An exception is raised if no view is found.
"""
reg = _get_registry(request)
provides = [IViewClassifier] + map_(providedBy, (request, context))
view = reg.adapters.lookup(provides, ISecuredView, name=name)
if view is None:
view = reg.adapters.lookup(provides, IView, name=name)
if view is None:
raise TypeError('No registered view satisfies the constraints. '
'It would not make sense to claim that this view '
'"is" or "is not" permitted.')
return Allowed(
'Allowed: view name %r in context %r (no permission defined)' %
(name, context))
return view.__permitted__(context, request)
def get_view(context, request, view_name = ''):
""" Returns view callable if a view is registered.
"""
provides = [IViewClassifier] + map_(
providedBy,
(request, context)
)
return request.registry.adapters.lookup(provides, IView, name=view_name)
def _get_view(self, context, request, name=""):
from pyramid.compat import map_
from pyramid.interfaces import IView
from pyramid.interfaces import IViewClassifier
from zope.interface import providedBy
provides = [IViewClassifier] + map_(providedBy, (request, context))
return request.registry.adapters.lookup(provides, IView, name=name)
def get_view(context, request, view_name):
provides = [IViewClassifier] + map_(providedBy, (request, context))
try:
reg = request.registry
except AttributeError:
reg = get_current_registry()
view = reg.adapters.lookup(provides, IView, name=view_name)
if view is None:
return None
return view
def render_viewlet(self, name, **kwargs):
""" Render a viewlet """
provides = [IViewClassifier] + map_(providedBy,
(self.request, self.context))
view = self.request.registry.adapters.lookup(
provides, IView, name=name)
self.request.update({'kwargs': kwargs})
return "".join(view(self.context, self.request).app_iter)
def _get_view(self, view_name): # pragma: no cover
"""This code is copied from pyramid.view.
We trust it and don't test.
Returns True if a view with name view_name is registered for context.
"""
provides = [IViewClassifier] + map_(providedBy, (self.request, self.context))
try:
reg = self.request.registry
except AttributeError:
reg = get_current_registry()
return reg.adapters.lookup(provides, IView, name=view_name)
def view_execution_permitted(context, request, name=''):
""" If the view specified by ``context`` and ``name`` is protected
by a :term:`permission`, check the permission associated with the
view using the effective authentication/authorization policies and
the ``request``. Return a boolean result. If no
:term:`authorization policy` is in effect, or if the view is not
protected by a permission, return ``True``."""
try:
reg = request.registry
except AttributeError:
reg = get_current_registry() # b/c
provides = [IViewClassifier] + map_(providedBy, (request, context))
view = reg.adapters.lookup(provides, ISecuredView, name=name)
if view is None:
return Allowed(
'Allowed: view name %r in context %r (no permission defined)' %
(name, context))
return view.__permitted__(context, request)
def view_execution_permitted(context, request, name=''):
""" If the view specified by ``context`` and ``name`` is protected
by a :term:`permission`, check the permission associated with the
view using the effective authentication/authorization policies and
the ``request``. Return a boolean result. If no
:term:`authorization policy` is in effect, or if the view is not
protected by a permission, return ``True``."""
try:
reg = request.registry
except AttributeError:
reg = get_current_registry() # b/c
provides = [IViewClassifier] + map_(providedBy, (request, context))
view = reg.adapters.lookup(provides, ISecuredView, name=name)
if view is None:
return Allowed(
'Allowed: view name %r in context %r (no permission defined)' %
(name, context))
return view.__permitted__(context, request)
def render_view_to_response(context, request, name='', secure=True):
""" Call the :term:`view callable` configured with a :term:`view
configuration` that matches the :term:`view name` ``name``
registered against the specified ``context`` and ``request`` and
return a :term:`response` object. This function will return
``None`` if a corresponding :term:`view callable` cannot be found
(when no :term:`view configuration` matches the combination of
``name`` / ``context`` / and ``request``).
If `secure`` is ``True``, and the :term:`view callable` found is
protected by a permission, the permission will be checked before calling
the view function. If the permission check disallows view execution
(based on the current :term:`authorization policy`), a
:exc:`pyramid.httpexceptions.HTTPForbidden` exception will be raised.
The exception's ``args`` attribute explains why the view access was
disallowed.
If ``secure`` is ``False``, no permission checking is done."""
provides = [IViewClassifier] + map_(providedBy, (request, context))
try:
reg = request.registry
except AttributeError:
reg = get_current_registry()
view = reg.adapters.lookup(provides, IView, name=name)
if view is None:
return None
if not secure:
# the view will have a __call_permissive__ attribute if it's
# secured; otherwise it won't.
view = getattr(view, '__call_permissive__', view)
# if this view is secured, it will raise a Forbidden
# appropriately if the executing user does not have the proper
# permission
return view(context, request)
def render_view_to_response(context, request, name='', secure=True):
""" Call the :term:`view callable` configured with a :term:`view
configuration` that matches the :term:`view name` ``name``
registered against the specified ``context`` and ``request`` and
return a :term:`response` object. This function will return
``None`` if a corresponding :term:`view callable` cannot be found
(when no :term:`view configuration` matches the combination of
``name`` / ``context`` / and ``request``).
If `secure`` is ``True``, and the :term:`view callable` found is
protected by a permission, the permission will be checked before calling
the view function. If the permission check disallows view execution
(based on the current :term:`authorization policy`), a
:exc:`pyramid.httpexceptions.HTTPForbidden` exception will be raised.
The exception's ``args`` attribute explains why the view access was
disallowed.
If ``secure`` is ``False``, no permission checking is done."""
provides = [IViewClassifier] + map_(providedBy, (request, context))
try:
reg = request.registry
except AttributeError:
reg = get_current_registry()
view = reg.adapters.lookup(provides, IView, name=name)
if view is None:
return None
if not secure:
# the view will have a __call_permissive__ attribute if it's
# secured; otherwise it won't.
view = getattr(view, '__call_permissive__', view)
# if this view is secured, it will raise a Forbidden
# appropriately if the executing user does not have the proper
# permission
return view(context, request)
def get_context_view_names(context, request):
provides = [IViewClassifier] + map_(
providedBy,
(request, context)
)
return [x for (x, y) in request.registry.adapters.lookupAll(provides, IView)]
def get_view(context, request, view_name=''):
""" Returns view callable if a view is registered.
"""
provides = [IViewClassifier] + map_(providedBy, (request, context))
return request.registry.adapters.lookup(provides, IView, name=view_name)
def get_context_view_names(context, request):
provides = [IViewClassifier] + map_(providedBy, (request, context))
return [
x for (x, y) in request.registry.adapters.lookupAll(provides, IView)
]
