def create_app(config_filename=None):
app = Flask(__name__)
app.config.from_pyfile(config_filename or 'config.py')
if 'CERTIFICATOR_SETTINGS' in os.environ:
# Only try to load a config from it if set.
app.config.from_envvar('CERTIFICATOR_SETTINGS')
from .db import get_user_by_id, get_user
login_manager = LoginManager()
login_manager.user_loader(get_user_by_id)
login_manager.init_app(app)
browser_id = BrowserID()
browser_id.user_loader(get_user)
browser_id.init_app(app)
Bootstrap(app)
from .db import db as sqla
sqla.init_app(app)
sqla.app = app
sqla.create_all()
import stripe
stripe.api_key = app.config['STRIPE_SECRET_KEY']
from .views import root, quiz, dashboard, certificate
app.register_blueprint(root)
app.register_blueprint(quiz)
app.register_blueprint(dashboard)
app.register_blueprint(certificate)
return app
def initialise(self):
"""
The application needs initialisation to load the database
connection etc. In previous versions this was done with the
initialisation of the class in the __init__ method. This is
now separated into this function.
"""
#: Check if the secret key is defined, if not raise an
#: exception since it is required
assert self.secret_key, 'Secret Key is not defined in config'
#: Load the cache
self.load_cache()
#: Initialise the CSRF handling
self.csrf_protection = CsrfProtect()
self.csrf_protection.init_app(self)
self.view_functions['static'] = self.send_static_file
# Backend initialisation
self.load_backend()
#: Initialise the login handler
login_manager = LoginManager()
login_manager.user_loader(self._pool.get('nereid.user').load_user)
login_manager.header_loader(
self._pool.get('nereid.user').load_user_from_header
)
login_manager.token_loader(
self._pool.get('nereid.user').load_user_from_token
)
login_manager.unauthorized_handler(
self._pool.get('nereid.user').unauthorized_handler
)
login_manager.login_view = "nereid.website.login"
login_manager.anonymous_user = self._pool.get('nereid.user.anonymous')
login_manager.init_app(self)
self.login_manager = login_manager
# Monkey patch the url_for method from flask-login to use
# the nereid specific url_for
flask.ext.login.url_for = url_for
self.template_context_processors[None].append(
self.get_context_processors()
)
# Add the additional template context processors
self.template_context_processors[None].append(
nereid_default_template_ctx_processor
)
# Add template_filters registered using decorator
for name, function in self.get_template_filters():
self.jinja_env.filters[name] = function
# Finally set the initialised attribute
self.initialised = True
def create_app(config):
app = Flask(__name__, static_url_path='', static_folder=STATIC_PATH)
init_app_config(app, config)
init_logger(app)
app.url_map.strict_slashes = False
lm = LoginManager()
lm.unauthorized_handler(basic_unauthorized)
lm.init_app(app)
lm.user_loader(load_user)
lm.session_protection = "strong"
# this patch needs because chrome will ignore cookies when using ip.
app.session_interface.get_cookie_domain = lambda _app: None
flex = FlexRestManager(db_base=Base, db_session_callback=global_session)
flex.init_app(app)
register_blueprints(app, BLUEPRINTS)
@app.after_request
def after_request(response):
dbs = global_session(create=False)
dbs and dbs.close()
return response
@app.route('/favicon.ico')
def favicon():
return app.send_static_file('images/favicon.ico')
return app
def app_factory(config):
# create app
app = Flask(__name__)
app.config.from_object(config)
# database
db.init_app(app)
whoosh_index(app, Post)
# flask-login
login_manager = LoginManager(app)
login_manager.user_loader(load_user)
# flask-wtf csrf protection
CsrfProtect(app)
# jinja2 config
jinja.init_app(app)
# blueprints
from blog import blog
app.register_blueprint(blog)
from api import api
app.register_blueprint(api, url_prefix='/api')
return app
def __initLoginManager(self):
login_manager = LoginManager()
login_manager.anonymous_user = SupportUser.Anonymous
login_manager.login_view = '/login'
login_manager.login_message = ''
login_manager.user_loader(loadUserByID)
login_manager.init_app(self)
def create_app(testing=False):
app = Flask(__name__)
if os.environ.get('DRIP_ENV', '') == 'production':
app.config.from_object('drip.config.Production')
else:
app.config.from_object('drip.config.Development')
app.template_folder = os.path.join(PATH, 'templates')
if not testing:
# Monitoring.
newrelic.agent.initialize(os.path.join(PATH, '..', 'newrelic-web.ini'), 'development')
db = create_mongo(app)
login_manager = LoginManager()
login_manager.init_app(app)
# noinspection PyTypeChecker
login_manager.user_loader(get_user)
login_manager.login_view = "user.login"
# views with jinja templates
app.register_blueprint(main)
app.register_blueprint(shopify)
app.register_blueprint(dashboard)
return app
def init_app(app):
login = LoginManager()
login.init_app(app)
login.login_view = "auth.signup"
login.user_loader(load_user)
app.context_processor(user_context)
return app
class AuthenticationModule(SystemModule):
def __init__(self, *args, **kwargs):
super(AuthenticationModule, self).__init__(*args, **kwargs)
self.login_manager = LoginManager()
self.login_manager.login_message_category = "warning"
self.login_manager.user_loader(self.load_user)
self.logged_in_menu = DropdownMenu()
self.login_text = mydomain.lazy_gettext('Login...')
self.logged_in_user_text = mydomain.lazy_gettext('User: '******'.' + view.__name__
return view
def register(self, app, *args, **kwargs):
super(AuthenticationModule, self).register(app, *args, **kwargs)
self.login_manager.init_app(app)
def login_url(self):
return login_url(self.login_manager.login_view,
request.url)
def logged_in_text(self):
return self.logged_in_user_text + ' ' + self.get_current_user_name()
def get_current_user_name(self):
return current_user.get_name()
def user_menu(self, text, group='', values={}):
def wrap(view):
name = self.name + '.' + view.__name__
entry = self.menu_entry_for_view(view, text, values=values)
self.logged_in_menu.add_entry(name, entry, group)
return view
return wrap
def get_anonymous_system_menu(self):
return MenuItem(text=self.login_text,
url=self.login_url())
def get_system_menu_item(self):
if current_user.is_anonymous():
return self.get_anonymous_system_menu()
else:
return MenuItem(text=self.logged_in_text(),
items=self.logged_in_menu.build_real_menu())
def handle_forbidden_endpoint(self):
if current_user.is_anonymous():
return self.login_manager.unauthorized()
else:
return self.forbidden()
def forbidden(self):
return abort(403)
def __init__(self, app, user_repository):
self.user_repository = user_repository
login_manager = LoginManager()
login_manager.user_loader(self.user_repository.get_by_username)
login_manager.setup_app(app)
self.login_manager = login_manager
def _get_login_manager(app):
lm = LoginManager()
lm.anonymous_user = AnonymousUser
lm.login_view = '%s.login' % cv('BLUEPRINT_NAME', app=app)
lm.user_loader(_user_loader)
lm.token_loader(_token_loader)
lm.init_app(app)
return lm
def setup_interactive(app):
lm = LoginManager()
lm.login_view = "login"
lm.user_loader(get_user)
@lm.unauthorized_handler
def unauth():
return "UNAUTHORIZED!"
lm.setup_app(app)
def __init__(self, app, user_repository):
self.user_repository = user_repository
login_manager = LoginManager()
login_manager.user_loader(self.user_repository.get_by_username)
login_manager.setup_app(app)
self.login_manager = login_manager
def initialise(self):
"""
The application needs initialisation to load the database
connection etc. In previous versions this was done with the
initialisation of the class in the __init__ method. This is
now separated into this function.
"""
#: Check if the secret key is defined, if not raise an
#: exception since it is required
assert self.secret_key, 'Secret Key is not defined in config'
#: Load the cache
self.load_cache()
#: Initialise the CSRF handling
self.csrf_protection = NereidCsrfProtect()
self.csrf_protection.init_app(self)
self.view_functions['static'] = self.send_static_file
# Backend initialisation
self.load_backend()
#: Initialise the login handler
login_manager = LoginManager()
login_manager.user_loader(self._pool.get('nereid.user').load_user)
login_manager.header_loader(
self._pool.get('nereid.user').load_user_from_header)
login_manager.token_loader(
self._pool.get('nereid.user').load_user_from_token)
login_manager.unauthorized_handler(
self._pool.get('nereid.user').unauthorized_handler)
login_manager.login_view = "nereid.website.login"
login_manager.anonymous_user = self._pool.get('nereid.user.anonymous')
login_manager.init_app(self)
self.login_manager = login_manager
# Monkey patch the url_for method from flask-login to use
# the nereid specific url_for
flask.ext.login.url_for = url_for
self.template_context_processors[None].append(
self.get_context_processors())
# Add the additional template context processors
self.template_context_processors[None].append(
nereid_default_template_ctx_processor)
# Add template_filters registered using decorator
for name, function in self.get_template_filters():
self.jinja_env.filters[name] = function
# Initialize Babel
Babel(self)
# Finally set the initialised attribute
self.initialised = True
class AuthenticationModule(SystemModule):
def __init__(self, *args, **kwargs):
super(AuthenticationModule, self).__init__(*args, **kwargs)
self.login_manager = LoginManager()
self.login_manager.login_message_category = "warning"
self.login_manager.user_loader(self.load_user)
self.logged_in_menu = DropdownMenu()
self.login_text = mydomain.lazy_gettext('Login...')
self.logged_in_user_text = mydomain.lazy_gettext('User: '******'.' + view.__name__
return view
def register(self, app, *args, **kwargs):
super(AuthenticationModule, self).register(app, *args, **kwargs)
self.login_manager.init_app(app)
def login_url(self):
return login_url(self.login_manager.login_view, request.url)
def logged_in_text(self):
return self.logged_in_user_text + ' ' + self.get_current_user_name()
def get_current_user_name(self):
return current_user.get_name()
def user_menu(self, text, group='', values={}):
def wrap(view):
name = self.name + '.' + view.__name__
entry = self.menu_entry_for_view(view, text, values=values)
self.logged_in_menu.add_entry(name, entry, group)
return view
return wrap
def get_anonymous_system_menu(self):
return MenuItem(text=self.login_text, url=self.login_url())
def get_system_menu_item(self):
if current_user.is_anonymous():
return self.get_anonymous_system_menu()
else:
return MenuItem(text=self.logged_in_text(),
items=self.logged_in_menu.build_real_menu())
def handle_forbidden_endpoint(self):
if current_user.is_anonymous():
return self.login_manager.unauthorized()
else:
return self.forbidden()
def forbidden(self):
return abort(403)
def get_login_manager(app):
lm = LoginManager(app)
lm.session_protection = 'strong'
lm.anonymous_user = AnonymousUser
lm.login_view = '/login'
lm.user_loader(load_user)
lm.token_loader(load_token)
lm.init_app(app)
return lm
def started(self):
"""Register mapping url to web server"""
template_folder = os.path.join(self.module_path, 'templates')
app = Blueprint('Auth',
__name__,
url_prefix='/auth',
template_folder=template_folder)
# url mapping
app.add_url_rule('/', 'index', view_func=self._index)
app.add_url_rule('/login',
'login',
view_func=self._login,
methods=['GET', 'POST'])
app.add_url_rule('/logout', 'logout', view_func=self._logout)
app.add_url_rule('/users', 'users', view_func=self._users)
app.add_url_rule('/user',
'new_user',
view_func=self._user,
methods=['GET', 'POST'])
app.add_url_rule('/user/<user_name>',
'user',
view_func=self._user,
methods=['GET', 'POST'])
# register to flask
module = ModuleManager.get('web')
if not module:
self.add_critical('no module name "web"')
raise FileNotFoundError
module.add_blueprint(app)
login_manager = LoginManager()
login_manager.login_view = '%s.login' % app.name
login_manager.init_app(module.flask)
login_manager.user_loader(auth.load)
# set url to login required
exclude_login_required_url = [
'static', login_manager.login_view
] + DataFileManager.load(self.name, 'exclude_login_required_url', [])
def filter_app(get_apps_handler):
def inner():
return [
app for app in get_apps_handler()
if current_user.can_access(app['name'])
]
return inner
for endpoint, view_func in module.flask.view_functions.copy().items():
if endpoint not in exclude_login_required_url:
module.flask.view_functions[endpoint] = login_required(
view_func)
module.get_apps = filter_app(module.get_apps)
def _get_login_manager(app):
lm = LoginManager()
lm.anonymous_user = AnonymousUser
lm.login_view = '%s.login' % cv('BLUEPRINT_NAME', app=app)
lm.user_loader(_user_loader)
lm.login_message = None
lm.needs_refresh_message = None
lm.unauthorized_callback = lambda: abort(401)
lm.init_app(app)
return lm
def _get_login_manager(app):
lm = LoginManager()
lm.anonymous_user = AnonymousUser
lm.login_view = '%s.login' % cv('BLUEPRINT_NAME', app=app)
lm.user_loader(_user_loader)
lm.token_loader(_token_loader)
lm.login_message, lm.login_message_category = cv('MSG_LOGIN', app=app)
lm.needs_refresh_message, lm.needs_refresh_message_category = cv('MSG_REFRESH', app=app)
lm.init_app(app)
return lm
def setup_interactive(app):
lm = LoginManager()
lm.login_view = "login"
lm.user_loader(get_user)
@lm.unauthorized_handler
def unauth():
return "UNAUTHORIZED!"
lm.setup_app(app)
def _get_login_manager(app):
lm = LoginManager()
lm.anonymous_user = AnonymousUser
lm.login_view = '%s.login' % cv('BLUEPRINT_NAME', app=app)
lm.user_loader(_user_loader)
lm.token_loader(_token_loader)
lm.login_message, lm.login_message_category = cv('MSG_LOGIN', app=app)
lm.needs_refresh_message, lm.needs_refresh_message_category = cv(
'MSG_REFRESH', app=app)
lm.init_app(app)
return lm
def logging_in(app):
lm = LoginManager()
lm.login_view = "login"
lm.user_loader(get_user)
lm.setup_app(app)
app.preprocess_request()
assert not current_user.is_authenticated()
assert current_user.is_anonymous()
with assert_fired(user_logged_in):
login_user(notch)
assert current_user.name == u"Notch"
assert session["user_id"] == u"1"
def setup_login_manager(app):
"""
Configure the LoginManager for the provided app.
"""
login_manager = LoginManager()
login_manager.login_view = 'auth.login_user'
login_manager.login_message = 'Resource access not authorized.'
login_manager.login_message_category = 'error'
login_manager.anonymous_user = AnonymousUser
login_manager.init_app(app)
login_manager.user_loader(load_user)
user_logged_in.connect(on_login, app)
def logging_in(app):
lm = LoginManager()
lm.login_view = "login"
lm.user_loader(get_user)
lm.setup_app(app)
app.preprocess_request()
assert not current_user.is_authenticated()
assert current_user.is_anonymous()
with assert_fired(user_logged_in):
login_user(notch)
assert current_user.name == u"Notch"
assert session["user_id"] == u"1"
def _get_login_manager(app):
lm = LoginManager()
lm.anonymous_user = AnonymousUser
lm.login_view = "%s.login" % cv("BLUEPRINT_NAME", app=app)
lm.user_loader(_user_loader)
lm.token_loader(_token_loader)
if cv("FLASH_MESSAGES", app=app):
lm.login_message, lm.login_message_category = cv("MSG_LOGIN", app=app)
lm.needs_refresh_message, lm.needs_refresh_message_category = cv("MSG_REFRESH", app=app)
else:
lm.login_message = None
lm.needs_refresh_message = None
lm.init_app(app)
return lm
def record_login_manager(state):
login_manager = LoginManager()
login_manager.login_view = 'FoodTruck.login'
login_manager.user_loader(load_user)
if state.app.config['SECRET_KEY'] == 'temp-key':
def _handler():
from flask import render_template
return render_template('error.html',
error="No secret key has been set!")
logger.debug("No secret key found, disabling website login.")
login_manager.unauthorized_handler(_handler)
login_manager.login_view = None
login_manager.init_app(state.app)
def started(self):
"""Register mapping url to web server"""
template_folder = os.path.join(self.module_path, 'templates')
app = Blueprint('Auth', __name__, url_prefix='/auth',
template_folder=template_folder)
# url mapping
app.add_url_rule('/', 'index', view_func=self._index)
app.add_url_rule('/login', 'login', view_func=self._login,
methods=['GET', 'POST'])
app.add_url_rule('/logout', 'logout', view_func=self._logout)
app.add_url_rule('/users', 'users', view_func=self._users)
app.add_url_rule('/user', 'new_user', view_func=self._user,
methods=['GET', 'POST'])
app.add_url_rule('/user/<user_name>', 'user', view_func=self._user,
methods=['GET', 'POST'])
# register to flask
module = ModuleManager.get('web')
if not module:
self.add_critical('no module name "web"')
raise FileNotFoundError
module.add_blueprint(app)
login_manager = LoginManager()
login_manager.login_view = '%s.login' % app.name
login_manager.init_app(module.flask)
login_manager.user_loader(auth.load)
# set url to login required
exclude_login_required_url = [
'static',
login_manager.login_view
] + DataFileManager.load(self.name, 'exclude_login_required_url', [])
def filter_app(get_apps_handler):
def inner():
return [app for app in get_apps_handler() if
current_user.can_access(app['name'])]
return inner
for endpoint, view_func in module.flask.view_functions.copy().items():
if endpoint not in exclude_login_required_url:
module.flask.view_functions[endpoint] = login_required(view_func)
module.get_apps = filter_app(module.get_apps)
def generate_app():
app = flask.Flask(__name__)
app.config['BROWSERID_LOGIN_URL'] = "/login"
app.config['BROWSERID_LOGOUT_URL'] = "/logout"
app.config['SECRET_KEY'] = "deterministic"
app.config['TESTING'] = True
login_manager = LoginManager()
login_manager.user_loader(get_user_by_id)
login_manager.init_app(app)
browserid = BrowserID()
browserid.user_loader(get_user)
browserid.init_app(app)
app.route('/')(index)
return app
def generate_app():
app = flask.Flask(__name__)
app.config['BROWSERID_LOGIN_URL'] = "/login"
app.config['BROWSERID_LOGOUT_URL'] = "/logout"
app.config['SECRET_KEY'] = "deterministic"
app.config['TESTING'] = True
login_manager = LoginManager()
login_manager.user_loader(get_user_by_id)
login_manager.init_app(app)
browserid = BrowserID()
browserid.user_loader(get_user)
browserid.init_app(app)
app.route('/')(index)
return app
def _init_flask(self, app):
"""
Initialize the Flask application. Override *_create_flask_app()* to use another class.
"""
self.logger.info("Initializing Flask application ...")
app.wok = self
app.logger_name = "web"
app.teardown_request(self._teardown_request)
login_manager = LoginManager()
login_manager.init_app(self.app)
login_manager.user_loader(self._load_user)
login_manager.login_message = "Please sign in to access this page."
#self.login_manager.anonymous_user = ...
app.register_blueprint(core.bp, url_prefix="/core")
def _init_flask(self, app):
"""
Initialize the Flask application. Override *_create_flask_app()* to use another class.
"""
self.logger.info("Initializing Flask application ...")
app.wok = self
app.logger_name = "web"
app.teardown_request(self._teardown_request)
login_manager = LoginManager()
login_manager.init_app(self.app)
login_manager.user_loader(self._load_user)
login_manager.login_message = "Please sign in to access this page."
#self.login_manager.anonymous_user = ...
app.register_blueprint(core.bp, url_prefix="/core")
def _generate_app(self):
app = Flask(__name__)
app.config['PROPAGATE_EXCEPTIONS'] = True
app.config['SQLALCHEMY_DATABASE_URI'] = 'postgres:///ealgis'
app.config['BROWSERID_LOGIN_URL'] = "/api/0.1/login"
app.config['BROWSERID_LOGOUT_URL'] = "/api/0.1/logout"
with open('/etc/ealgis/secret_key') as secret_fd:
secret_key = secret_fd.read().rstrip()
app.config['SECRET_KEY'] = secret_key
app.config['TESTING'] = True
login_manager = LoginManager()
login_manager.user_loader(self.get_user_by_id)
login_manager.init_app(app)
browserid = BrowserID()
browserid.user_loader(self.browserid_get_user)
browserid.init_app(app)
return app
def _generate_app(self):
app = Flask(__name__)
app.wsgi_app = ReverseProxied(app.wsgi_app)
app.config['PROPAGATE_EXCEPTIONS'] = True
app.config['SQLALCHEMY_DATABASE_URI'] = self._connection_string()
app.config['BROWSERID_LOGIN_URL'] = "/api/0.1/login"
app.config['BROWSERID_LOGOUT_URL'] = "/api/0.1/logout"
with open('/data/secret_key') as secret_fd:
secret_key = secret_fd.read().rstrip()
app.config['SECRET_KEY'] = secret_key
# Warning: this *disables* authentication on the API
# app.config['TESTING'] = True
login_manager = LoginManager()
login_manager.user_loader(self.get_user_by_id)
login_manager.init_app(app)
browserid = BrowserID()
browserid.user_loader(self.browserid_get_user)
browserid.init_app(app)
return app
def _generate_app(self):
app = Flask(__name__)
app.wsgi_app = ReverseProxied(app.wsgi_app)
app.config['PROPAGATE_EXCEPTIONS'] = True
app.config['SQLALCHEMY_DATABASE_URI'] = self._connection_string()
app.config['BROWSERID_LOGIN_URL'] = "/api/0.1/login"
app.config['BROWSERID_LOGOUT_URL'] = "/api/0.1/logout"
with open('/data/secret_key') as secret_fd:
secret_key = secret_fd.read().rstrip()
app.config['SECRET_KEY'] = secret_key
# Warning: this *disables* authentication on the API
# app.config['TESTING'] = True
login_manager = LoginManager()
login_manager.user_loader(self.get_user_by_id)
login_manager.init_app(app)
browserid = BrowserID()
browserid.user_loader(self.browserid_get_user)
browserid.init_app(app)
return app
class Auth:
GHOST = 0
USER = 1
ADMIN = 2
SUPER_ADMIN = 3
class Anonymous(AnonymousUserMixin):
def __init__(self):
self._id = None
def get_id(self):
return unicode('')
def __init__(self):
self.__login_manager = LoginManager()
self.config = {}
def init_app(self, app, config):
print 'Attaching LoginManager to app.'
self.__login_manager.init_app(app)
self.__login_manager.anonymous_user = Auth.Anonymous
self.config = config
def load_user(user_id):
if user_id == '':
return None
Users = Database['Users']
try:
return Users.User.find_one({'_id': ObjectId(user_id)})
except:
return None
def unauthorized():
return jsonify(error='Unauthorized'), HTTP_401_UNAUTHORIZED
self.__login_manager.user_loader(load_user)
self.__login_manager.unauthorized_handler(unauthorized)
self.__bcrypt = Bcrypt(app)
def login_manager(self):
return self.__login_manager
def require(self, user_level):
def login_required(f):
@wraps(f)
def decorated_function(*args, **kwargs):
if current_user.is_authenticated(
) and current_user.get_access_level() >= user_level:
return f(*args, **kwargs)
return self.__login_manager.unauthorized()
return decorated_function
return login_required
def login(self, user_object, password):
if user_object is not None:
if self.__bcrypt.check_password_hash(user_object['password'],
password):
if not login_user(user_object):
return resource_strings["USER_NOT_ACTIVATED"]
else:
return 'Invalid password'
else:
return 'Invalid email'
return None
def login_social(self, login_type, token):
user_object = None
try:
user_object = SocialSignin.verify(login_type, token)
except SocialSignin.Invalid as e:
return str(e)
login_user(user_object)
def logout(self):
logout_user()
def hash_password(self, password):
return self.__bcrypt.generate_password_hash(password)
# decorator that protects other users from PUT/POST/DELETE on you stuff
# user_id _must_ be passed in as 'user_id'
def only_me(self, function):
@wraps(function)
def inner(*args, **kwargs):
if kwargs['user_id'] != 'me':
return '{}', HTTP_401_UNAUTHORIZED
return function(*args, **kwargs)
return inner
class AuthLoginManager(object):
"""
Auth login manager
"""
manager = None
app = None
user_cls = None
token_cls = None
db = None
req_tok_type = None
def __init__(self, app, db, user_cls, token_cls):
"""
Constructor
"""
self.db = db
self.user_cls = user_cls
self.token_cls = token_cls
self.app = app
self.req_tok_type = (
app.config.get(
'AUTH_TOKEN_TYPE',
REQ_TOK_TYPES['header']
)
)
self.manager = LoginManager()
self.manager.request_loader(self._load_user_from_request)
self.manager.user_loader(self._load_user)
self.manager.token_loader(self._user_from_token)
self.manager.unauthorized_handler(self.unauthorized)
self.manager.init_app(self.app)
return None
def get_manager(self):
"""
Get login manager
"""
return self.manager
def _load_user_from_request(self, request):
"""
Callback to load a user from a Flask request object
See:
https://flask-login.readthedocs.org
/en/latest/#custom-login-using-request-loader
"""
req_token = (
request_helpers
.get_request_token(
self.req_tok_type,
request
)
)
if req_token is None:
return None
auth_token = self.token_cls.query.filter_by(token=req_token).first()
if auth_token is None:
return None
session['is_authenticated'] = True
session['auth_token'] = auth_token.token
return auth_token.user
def _load_user(self, user_id):
"""
Load a user from a user id
"""
return self.user_cls.get(user_id)
def _user_from_token(self, token):
"""
Gets a user from a token
"""
auth_token = self.token_cls.query.filter_by(token=token).first()
if auth_token is None:
return None
return auth_token.user
def unauthorized(self):
"""
Unauthorized handler
"""
headers = {}
headers['Content-Type'] = "application/json"
payload = {
'msg': "Not authorized",
'code': 'not_authorized'
}
return Response(json.dumps(payload), 401, headers)
from timeout import timeout
from flask import jsonify, request, Response
import anyjson
import helpers
import csv_export
from datetime import date, datetime, timedelta
from filters import *
import re
from db_helpers import get_count, get_obj
from sqlalchemy import func, not_, and_, or_
import pytz
# Initialize login
login_manager = LoginManager()
login_manager.user_loader(get_user_by_id)
login_manager.init_app(app)
browser_id = BrowserID()
browser_id.user_loader(get_user)
browser_id.init_app(app)
@app.route("/login", methods=["GET", "POST"])
def login(email=None, password=None):
if request.method == 'POST':
email = request.form['email']
password = request.form['password']
user_to_login = authenticate_login(email, password)
if user_to_login:
login_user(user_to_login)
class MainApp(object):
def __init__(self,
name,
cmds,
config='app.cfg',
host='127.0.0.1',
port=5000,
script_url=SCRIPT_URL,
not_public=False):
self.name = name
self.cmds = OrderedDict([(c.name, c) for c in cmds])
self.app = Flask(__name__)
self.config = os.path.abspath(config)
self.app.config.from_object('formcreator.DefaultConfig')
self.app.config.from_pyfile(self.config, silent=True)
# Directories with contents displayed in the page
self.dirs = []
self.host = host
self.port = port
if not_public:
self.not_public = True
# Create de database
self.db = db
self.app.test_request_context().push()
self.db.init_app(self.app)
self.db.create_all()
# Create admin user if doesn't exist
admin_user = User.query.get(1)
if not admin_user:
admin_user = User("admin", "admin", is_admin=True)
self.db.session.add(admin_user)
self.db.session.commit()
# Create hte LoginManager
self.login_manager = LoginManager()
self.login_manager.init_app(self.app)
self.login_manager.login_view = "login"
self.login_manager.user_loader(self.load_user)
# Create the url_rules for the Forms
for i, cmd in enumerate(self.cmds.values()):
if not_public:
url_function = partial(login_required(self.form), cmd.name)
else:
url_function = partial(self.form, cmd.name)
self.app.add_url_rule(SCRIPT_URL + (cmd.name if i > 0 else ''),
cmd.name,
url_function,
methods=['GET', 'POST'])
# Create the url_rules for serving Form's files directories
for c in cmds:
for d in c.dirs:
self.app.add_url_rule("{}{}/<path:filename>".format(
SCRIPT_URL, d),
"{}-{}".format(cmd.name, d),
partial(self.serve_files, d),
methods=['GET'])
self.dirs.append(DirContents(d))
if not_public:
self.app.add_url_rule("/login",
"login",
self.login,
methods=['POST', 'GET'])
self.app.add_url_rule("/logout",
"logout",
self.logout,
methods=['POST', 'GET'])
def logout(self):
logout_user()
return redirect("/")
def login(self):
login_form = wtforms.form.BaseForm(())
login_form['username'] = wtforms.TextField("Username")
login_form['password'] = wtforms.PasswordField("Password")
login_form['username'].data = ''
if request.method == 'POST':
login_form.process(request.form)
if login_form.validate():
# login and validate the user...
password = hashlib.sha256(
login_form['password'].data.encode('utf8')).hexdigest()
u = User.query.filter(
User.username == login_form['username'].data,
User.password == password).all()
if u:
login_user(u[0])
flash("Logged in successfully.")
return redirect(request.args.get("next") or "/")
else:
flash("Username or password incorrect, try again.")
return redirect("/login")
return render_template("login.html", form=login_form, app=self)
def load_user(self, userid):
return User.query.get(userid)
def run(self, *args, **kwargs):
self.app.run(debug=True, *args, **kwargs)
def serve_files(self, dir, filename):
file_path = os.path.abspath(os.path.join(os.getcwd(),
'{}')).format(dir)
return send_from_directory(file_path, filename)
def form(self, cmd_name):
f = self.cmds[cmd_name]
self.active = cmd_name
f.stdout = ''
if request.method == 'POST':
f.process(request.form)
if f.form.validate():
f.run()
return render_template('form.html',
form=f.fields_list(),
desc=Markup(f.desc),
dirs=self.dirs,
output_type=f.output_type,
output=f.stdout,
inline=f.inline,
app=self)
app.before_request(load_user_in_g)
def get_user(userid):
''' Get or create user document in local db, using info in LDAP '''
try:
return User.objects.get(id=userid)
except User.DoesNotExist:
user_info = plugldap.user_info(userid)
if user_info:
(user, created) = User.objects.get_or_create(id=user_info['uid'],
defaults=user_info)
return user
else:
return None
login_manager.user_loader(get_user)
def seed_users(invited_coordinators):
""" Helper function to import initial list of coordinators """
for uid, country in invited_coordinators:
user = get_user(uid)
user.country = country
if not user.token:
user.token = str(uuid.uuid4())
user.save()
@auth.route('/login', methods=['GET', 'POST'])
def login():
form = LoginForm()
class DefaultConfig(object):
SECRET_KEY = 'Isthisthereallife?Isthisjustfantasy?Caughtinalandslide'
# SQLALCHEMY_DATABASE_URI = 'sqlite:///./trombone.db'
SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://dialogando:senha@localhost/dialogando'
PROPAGATE_EXCEPTIONS = True
app = Flask(__name__)
#app.config.from_object('trombone.DefaultConfig')
app.config.from_pyfile('settings.cfg', silent=True)
# Configure the login manager
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.login_view = ".user.login"
login_manager.user_loader(user.load_user)
app.test_request_context().push()
db.init_app(app)
db.create_all()
# Create admin user if doesn't exist
admin_user = User.query.get(1)
if not admin_user:
admin_user = User("admin", "admin", is_admin=True)
db.session.add(admin_user)
db.session.commit()
# Create admin interface
admin.init_app(app)
def load_user_by_user_id(user_id):
from yelandur.models import User
return User.get(user_id)
def load_user_by_browserid(browserid_data):
from yelandur.models import User
return User.get_or_create_by_email(browserid_data.get('email'))
# Create the actual blueprint
auth = Blueprint('auth', __name__)
# Create the login manager
login_manager = LoginManager()
login_manager.user_loader(load_user_by_user_id)
# Create the BrowserID manager
browser_id = BrowserID()
browser_id.user_loader(load_user_by_browserid)
# Add the after-request CORS-adding function
browser_id.views.after_request(add_cors_headers)
@cors()
def debug_login():
from yelandur.models import User
try:
user_id = request.args['id']
u = User.get(user_id)
import skwele.views as views
from skwele.request import Request
from skwele.resources.user import user_loader, User, UserList
from skwele.resources.org import Org, OrgList
from skwele.resources.dataset import Dataset, DatasetList
app = Flask(__name__)
app.request_class = Request
api = Api(app)
app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.user_loader(user_loader)
#
# Flask-RESTful routing
#
api.add_resource(UserList, '/users')
api.add_resource(User, '/users/<id>', endpoint='user')
api.add_resource(OrgList, '/orgs')
api.add_resource(Org, '/orgs/<id>', endpoint='org')
api.add_resource(DatasetList, '/datasets')
api.add_resource(Dataset, '/datasets/<id>', endpoint='dataset')
#
# Flask routing
#
app.route('/')(views.index)
def _init_login(app):
"""Setup for Flask-Login."""
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.user_loader(User.get)
login_manager.login_view = '/signin'
def _init_login(app):
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.user_loader(User.get)
login_manager.login_view = "/signin"
class BaseApp(Flask, RulesMixin, EnvMixin, InitMixin):
login_anonymous = AnonymousUser
login_view = 'user_login'
login_refresh_view = 'user_login'
login_message = 'Please log in to access this page.'
settings = settings
def __init__(self, *args, **kw):
kw['static_folder'] = 'static/media'
kw['static_url_path'] = '/media'
super(BaseApp, self).__init__(*args, **kw)
self.configure()
def configure_envars(self):
self.from_env('SECRET_KEY')
self.from_env('SESSION_SALT')
self.from_env('SQLALCHEMY_DATABASE_URI', name='DATABASE_URL')
self.from_env('WHITELIST', type=lambda s: s.split('|'))
self.from_env('BLACKLIST', type=lambda s: s.split('|'))
def configure_app(self):
salt = self.config.get('SESSION_SALT')
self.session_interface = ItsdangerousSessionInterface(salt=salt)
def configure_wsgi(self):
self.configure_wsgi_static()
self.configure_wsgi_restrict()
def configure_wsgi_static(self):
self.wsgi_app = SharedDataMiddleware(self.wsgi_app,
{'/': ('pooldin', 'static')})
def configure_wsgi_restrict(self):
whitelist = self.config.get('WHITELIST')
blacklist = self.config.get('BLACKLIST')
if not whitelist and not blacklist:
return
self.wsgi_app = RestrictMiddleware(self.wsgi_app,
whitelist=whitelist,
blacklist=blacklist)
def init_extensions(self):
db.init_app(self)
self.assets = Environment(self)
self.assets.directory = os.path.join(path, 'assets')
self.assets.url = '/media'
self.login = LoginManager()
self.login.anonymous_user = self.login_anonymous
self.login.login_view = self.login_view
self.login.login_message = self.login_message
self.login.refresh_view = self.login_refresh_view
self.login.init_app(self)
self.login.user_loader(self.load_user)
self.login.init_app(self)
self.gravatar = Gravatar(
self,
size=350, # Default to header profile image size
default='mm', # Options available at gravatar.com
force_default=False,
force_lower=False)
def load_user(self, id):
return User.query.filter_by(id=id).first()
import config
# Set this up before touching handlers, since app is used in decorators.
# Simiarly db for models.
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = config.database
db = SQLAlchemy(app)
login_manager = LoginManager()
login_manager.init_app(app)
# Now we can import the rest
from admin import *
from handlers import *
from models import *
login_manager.user_loader(User.get_by_username)
login_manager.unauthorized = lambda: redirect('/login')
if __name__ == '__main__':
db.create_all()
Organisation.query.delete()
User.query.delete()
db.session.commit()
o1 = Organisation(name='The Big Issue')
o2 = Organisation(name='Helping Hands')
u1 = User(username='******', organisation=o1)
u1.set_password('potato')
u2 = User(username='******', organisation=o2)
u2.set_password('helloworld')
from flask import Markup
import pytz
import prefs
from database import db, create_flask_app
app = create_flask_app()
babel = Babel(app)
login_manager = LoginManager()
login_manager.init_app(app)
from controllers import threads, posts, users, applicants
login_manager.token_loader(users.token_loader)
login_manager.user_loader(users.user_loader)
login_manager.login_view = 'login'
login_manager.session_protection = 'strong'
@babel.localeselector
def get_locale():
return 'en' #request.accept_languages.best_match(prefs.Config.LANG_SUPPORT)
@app.route("/", defaults={'page': 1}, methods=['POST', 'GET'])
@app.route("/<int:page>", methods=['POST', 'GET'])
@login_required
def thread_list_view(page):
if request.method == 'GET':
prospective_applicants = applicants.get_prospective_applicants(
except NoResultFound:
return None
def get_admin(kwargs):
try:
admin = AdministratorModel.query.filter_by(email=kwargs['email']).first()
return admin
except NoResultFound:
return None
app = Flask(__name__)
app.config['SECRET_KEY'] = "deterministic"
login_manager = LoginManager()
login_manager.user_loader(get_admin_by_id)
login_manager.init_app(app)
browser_id = BrowserID()
browser_id.user_loader(get_admin)
browser_id.redirect_url = 'admin'
browser_id.init_app(app)
@app.route('/init')
def first_run():
import first_run
first_run.init()
return redirect(url_for("index"))
@app.route('/addCategory', methods=['GET', 'POST'])
def add_category():
# categories = category_controller.list()
except NoResultFound:
return None
def get_admin(kwargs):
try:
admin = AdministratorModel.query.filter_by(email=kwargs['email']).first()
return admin
except NoResultFound:
return None
app = Flask(__name__)
app.config['SECRET_KEY'] = "deterministic"
login_manager = LoginManager()
login_manager.user_loader(get_admin_by_id)
login_manager.init_app(app)
browser_id = BrowserID()
browser_id.user_loader(get_admin)
browser_id.redirect_url = 'admin'
browser_id.init_app(app)
@app.route('/init')
def first_run():
import first_run
first_run.init()
return redirect(url_for("index"))
@app.route('/addCategory', methods=['GET', 'POST'])
def add_category():
# categories = category_controller.list()
from flask import render_template
from flask.ext.login import LoginManager
from flask.ext.browserid import BrowserID
#from formencode import Invalid
from grano.core import app
from grano.model import User
from grano.views.sessions import blueprint as sessions
from grano.views.users import blueprint as users
from grano.views.projects import blueprint as projects
login_manager = LoginManager()
login_manager.user_loader(User.by_email)
login_manager.init_app(app)
browser_id = BrowserID()
browser_id.user_loader(User.from_browserid)
browser_id.init_app(app)
app.register_blueprint(sessions, url_prefix='/api/1')
app.register_blueprint(users, url_prefix='/api/1')
app.register_blueprint(projects, url_prefix='/api/1')
def angular_templates():
#if app.config.get('ASSETS_DEBUG'):
# return
partials_dir = os.path.join(app.static_folder, 'templates')
def __init__(self, uid, pwd):
self.id = uid
self.password = pwd
def load_user(user_id):
admin_id = g.config.get('security/username')
if admin_id == user_id:
admin_pwd = g.config.get('security/password')
return User(admin_id, admin_pwd)
return None
login_manager = LoginManager()
login_manager.login_view = 'login'
login_manager.user_loader(load_user)
def record_login_manager(state):
if state.app.secret_key == 'temp-key':
def _handler():
raise FoodTruckConfigNotFoundError()
logger.debug("No secret key found, disabling website login.")
login_manager.unauthorized_handler(_handler)
login_manager.login_view = None
# Setup Bcrypt.
from foodtruck.bcryptfallback import Bcrypt
bcrypt_ext = Bcrypt()
class BaseApp(Flask, RulesMixin, EnvMixin, InitMixin):
login_anonymous = AnonymousUser
login_view = 'user_login'
login_refresh_view = 'user_login'
login_message = 'Please log in to access this page.'
settings = settings
def __init__(self, *args, **kw):
kw['static_folder'] = 'static/media'
kw['static_url_path'] = '/media'
super(BaseApp, self).__init__(*args, **kw)
self.configure()
def configure_envars(self):
self.from_env('SECRET_KEY')
self.from_env('SESSION_SALT')
self.from_env('SQLALCHEMY_DATABASE_URI', name='DATABASE_URL')
self.from_env('WHITELIST', type=lambda s: s.split('|'))
self.from_env('BLACKLIST', type=lambda s: s.split('|'))
def configure_app(self):
salt = self.config.get('SESSION_SALT')
self.session_interface = ItsdangerousSessionInterface(salt=salt)
def configure_wsgi(self):
self.configure_wsgi_static()
self.configure_wsgi_restrict()
def configure_wsgi_static(self):
self.wsgi_app = SharedDataMiddleware(self.wsgi_app, {
'/': ('pooldin', 'static')
})
def configure_wsgi_restrict(self):
whitelist = self.config.get('WHITELIST')
blacklist = self.config.get('BLACKLIST')
if not whitelist and not blacklist:
return
self.wsgi_app = RestrictMiddleware(self.wsgi_app,
whitelist=whitelist,
blacklist=blacklist)
def init_extensions(self):
db.init_app(self)
self.assets = Environment(self)
self.assets.directory = os.path.join(path, 'assets')
self.assets.url = '/media'
self.login = LoginManager()
self.login.anonymous_user = self.login_anonymous
self.login.login_view = self.login_view
self.login.login_message = self.login_message
self.login.refresh_view = self.login_refresh_view
self.login.init_app(self)
self.login.user_loader(self.load_user)
self.login.init_app(self)
self.gravatar = Gravatar(self,
size=350, # Default to header profile image size
default='mm', # Options available at gravatar.com
force_default=False,
force_lower=False)
def load_user(self, id):
return User.query.filter_by(id=id).first()
def get_crypt(password, salt):
crypt = "%s-%s" % (salt, password)
for i in range(101):
crypt = "%s-%s-%s" % (crypt, salt, crypt)
crypt = hashlib.sha1(crypt).hexdigest()
return crypt
def login_user(username, password):
user = get_user(username)
if not user:
return None
return get_crypt(password, user['salt']) == user['pass'] and user
login_manager.user_loader(get_user)
@auth.route('/login', methods=['GET', 'POST'])
def login():
form = LoginForm()
if form.validate_on_submit():
username, password = request.form['username'], request.form['password']
user = login_user(username, password)
if user:
flask_login.login_user(user)
flash('Logged in successfully as %s %s (%s).' %
(user['first_name'], user['last_name'], user['_id']))
user['last_login'] = datetime.datetime.utcnow()
mongo().db.user.save(user)
resp = redirect(request.args.get("next") or url_for('hip.home'))
from flask.ext.login import LoginManager
from flask.ext.browserid import BrowserID
import time
app = Flask(__name__)
app.version = "0.1a"
# Secret key can change with each new version this forces all old logins to expire :)
app.config['SECRET_KEY'] = '\xad\xdb\xe9o\x84\x03S\xa93\xc2X\x0ejlq\xad\xcd1\xb0Ub'
# Import here so database it can reach the app object.
from database.login import get_user, get_user_by_id
# Set up the authentication realm
login_manager = LoginManager()
# Point it to the function that retrieves active users
login_manager.user_loader(get_user_by_id)
login_manager.init_app(app)
# Now the actual login system
browser_id = BrowserID()
browser_id.user_loader(get_user)
browser_id.init_app(app)
@app.route("/servertime")
def time_at_server():
"""Generic default testy route. Handy for debugging."""
return time.asctime()
@app.route("/persona/test")
def index():
"""Obsolete test for persona login."""
class SecurityManager(object):
session = None
auth_type = 1
auth_role_admin = ""
auth_role_public = ""
lm = None
oid = None
def __init__(self, app, session):
"""
SecurityManager contructor
param app:
The Flask app object
param session:
the database session for security tables, passed to BaseApp
"""
self.session = session
self.auth_type = self._get_auth_type(app)
self.auth_role_admin = self._get_auth_role_admin(app)
self.auth_role_public = self._get_auth_role_public(app)
self.lm = LoginManager(app)
self.lm.login_view = 'login'
self.oid = OpenID(app)
self.lm.user_loader(self.load_user)
self.init_db()
def register_views(self, baseapp):
baseapp.add_view_no_menu(ResetPasswordView())
baseapp.add_view_no_menu(ResetMyPasswordView())
if self._get_auth_type(baseapp.app) == AUTH_DB:
user_view = baseapp._init_view_session(UserDBGeneralView)
auth_view = AuthDBView()
else:
user_view = baseapp._init_view_session(UserOIDGeneralView)
auth_view = AuthOIDView()
self.oid.after_login_func = auth_view.after_login
baseapp.add_view_no_menu(auth_view)
baseapp.add_view(user_view, "List Users"
,"/users/list","user",
"Security")
role_view = baseapp._init_view_session(RoleGeneralView)
baseapp.add_view(role_view, "List Roles","/roles/list","tags","Security")
role_view.related_views = [user_view]
baseapp.menu.add_separator("Security")
baseapp.add_view(baseapp._init_view_session(PermissionViewGeneralView), "Base Permissions","/permissions/list","lock","Security")
baseapp.add_view(baseapp._init_view_session(ViewMenuGeneralView), "Views/Menus","/viewmenus/list","list-alt","Security")
baseapp.add_view(baseapp._init_view_session(PermissionGeneralView), "Permission on Views/Menus","/permissionviews/list","lock","Security")
def load_user(self, pk):
return self.get_user_by_id(int(pk))
def before_request(self):
g.user = current_user
def migrate_get_new_obj(self, old_obj, new_obj):
for col in old_obj.keys():
setattr(new_obj,col,getattr(old_obj,col))
return new_obj
def migrate_obj(self, old_table, new_class):
old_objs = self.session.query(old_table).all()
for old_obj in old_objs:
new_obj = self.migrate_get_new_obj(old_obj, new_class())
self.session.add(new_obj)
self.session.commit()
def quick_mapper(self, table):
Base = declarative_base()
class GenericMapper(Base):
__table__ = table
return GenericMapper
def migrate_db(self):
"""
Migrate security tables from Flask-AppBuilder 0.2.X to 0.3.X
"""
engine = self.session.get_bind(mapper=None, clause=None)
inspector = Inspector.from_engine(engine)
if 'user' in inspector.get_table_names() and 'role' in inspector.get_table_names() and 'permission' in inspector.get_table_names():
print "Found previous security tables, migrating..."
metadata = MetaData(engine)
old_user = Table('user', metadata, autoload=True)
old_role = Table('role', metadata, autoload=True)
old_permission = Table('permission', metadata, autoload=True)
old_permission_view = Table('permission_view', metadata, autoload=True)
old_view_menu = Table('view_menu', metadata, autoload=True)
old_permission_view_role = Table('permission_view_role', metadata, autoload=True)
print "Migrating Views and Menus"
self.migrate_obj(old_view_menu, ViewMenu)
print "Migrating Permissions"
self.migrate_obj(old_permission, Permission)
print "Migrating Permissions on Views"
self.migrate_obj(old_permission_view, PermissionView)
print "Migrating Roles"
self.migrate_obj(old_role, Role)
print "Migrating Roles to Permissions on Views"
self.migrate_obj(old_permission_view_role, self.quick_mapper(assoc_permissionview_role))
print "Migrating Users"
self.migrate_obj(old_user, User)
def init_db(self):
engine = self.session.get_bind(mapper=None, clause=None)
inspector = Inspector.from_engine(engine)
if 'ab_user' not in inspector.get_table_names():
print "Security DB not found Creating..."
Base.metadata.create_all(engine)
print "Security DB Created"
self.migrate_db()
if self.session.query(Role).filter_by(name = self.auth_role_admin).first() is None:
role = Role()
role.name = self.auth_role_admin
self.session.add(role)
self.session.commit()
print "Inserted Role for public access", self.auth_role_admin
if not self.session.query(Role).filter_by(name = self.auth_role_public).first():
role = Role()
role.name = self.auth_role_public
self.session.add(role)
self.session.commit()
print "Inserted Role for public access", self.auth_role_public
if not self.session.query(User).all():
user = User()
user.first_name = 'Admin'
user.last_name = 'User'
user.username = '******'
user.password = '******'
user.active = True
user.role = self.session.query(Role).filter_by(name = self.auth_role_admin).first()
self.session.add(user)
self.session.commit()
print "Inserted initial Admin user"
print "Login using Admin/general"
def auth_user_db(self, username, password):
if username is None or username == "":
return None
user = self.session.query(User).filter_by(username = username, password = password).first()
if user is None or (not user.is_active()):
return None
else:
return user
def auth_user_oid(self, email):
user = self.session.query(User).filter_by(email = email).first()
if user is None or (not user.is_active()):
return None
else:
return user
def reset_password(self, userid, password):
user = self.get_user_by_id(userid)
user.password = password
self.session.commit()
def get_user_by_id(self, pk):
return self.session.query(User).get(pk)
def _get_auth_type(self, app):
if 'AUTH_TYPE' in app.config:
return app.config['AUTH_TYPE']
else:
return AUTH_DB
def _get_auth_role_admin(self, app):
if 'AUTH_ROLE_ADMIN' in app.config:
return app.config['AUTH_ROLE_ADMIN']
else:
return 'Admin'
def _get_auth_role_public(self, app):
"""
To retrive the name of the public role
"""
if 'AUTH_ROLE_PUBLIC' in app.config:
return app.config['AUTH_ROLE_PUBLIC']
else:
return 'Public'
def is_menu_public(self, item):
"""
Check if menu item has public permissions
param item:
menu item
"""
role = self.session.query(Role).filter_by(name = self.auth_role_public).first()
lst = role.permissions
if lst:
for i in lst:
if item == i.view_menu.name:
return True
return False
else: return False
def is_item_public(self, permission_name, view_name):
"""
Check if view has public permissions
param permission_name:
the permission: can_show, can_edit...
param view_name:
the name of the class view (child of BaseView)
"""
role = self.session.query(Role).filter_by(name = self.auth_role_public).first()
lst = role.permissions
if lst:
for i in lst:
if (view_name == i.view_menu.name) and (permission_name == i.permission.name):
return True
return False
else: return False
def has_menu_access(self, user, menu_name):
lst = user.role.permissions
if lst:
for i in lst:
if menu_name == i.view_menu.name:
return True
return False
else: return False
def has_permission_on_view(self, user, permission_name, view_name):
lst = user.role.permissions
if lst:
for i in lst:
if (view_name == i.view_menu.name) and (permission_name == i.permission.name):
return True
return False
else: return False
def _add_permission(self, name):
"""
Adds a permission to the backend
param name:
name of the permission to add: 'can_add','can_edit' etc...
"""
perm = self.session.query(Permission).filter_by(name = name).first()
if perm == None:
perm = Permission()
perm.name = name
self.session.add(perm)
self.session.commit()
return perm
return perm
def _add_view_menu(self, name):
"""
Adds a view menu to the backend
param name:
name of the view menu to add
"""
view_menu = self.session.query(ViewMenu).filter_by(name = name).first()
if view_menu == None:
view_menu = ViewMenu()
view_menu.name = name
self.session.add(view_menu)
self.session.commit()
return view_menu
return view_menu
def _add_permission_view_menu(self, permission_name, view_menu_name):
"""
Adds a permission on a view menu to the backend
param permission_name:
name of the permission to add: 'can_add','can_edit' etc...
param view_menu_name:
name of the view menu to add
"""
vm = self._add_view_menu(view_menu_name)
perm = self._add_permission(permission_name)
pv = PermissionView()
pv.view_menu_id, pv.permission_id = vm.id, perm.id
self.session.add(pv)
self.session.commit()
print "Added Permission View" , str(pv)
return pv
def _find_permission(self, lst, item):
for i in lst:
if i.permission.name == item:
return True
return False
def add_permissions_view(self, base_permissions, view_menu):
"""
Adds a permission on a view menu to the backend
param base_permissions:
list of permissions from view (all exposed methods): 'can_add','can_edit' etc...
param view_menu:
name of the view or menu to add
"""
view_menu_db = self.session.query(ViewMenu).filter_by(name = view_menu).first()
if view_menu_db == None:
view_menu_db = self._add_view_menu(view_menu)
lst = self.session.query(PermissionView).filter_by(view_menu_id = view_menu_db.id).all()
# No permissions for this view
if lst == []:
for permission in base_permissions:
pv = self._add_permission_view_menu(permission, view_menu)
role_admin = self.session.query(Role).filter_by(name = self.auth_role_admin).first()
self.add_permission_role(role_admin, pv)
else:
for permission in base_permissions:
if not self._find_permission(lst, permission):
pv = self._add_permission_view_menu(permission, view_menu)
role_admin = self.session.query(Role).filter_by(name = self.auth_role_admin).first()
self.add_permission_role(role_admin, pv)
for item in lst:
if item.permission.name not in base_permissions:
# perm to delete
pass
def add_permissions_menu(self, view_menu):
view_menu_db = self.session.query(ViewMenu).filter_by(name = view_menu).first()
if view_menu_db == None:
view_menu_db = self._add_view_menu(view_menu)
lst = self.session.query(PermissionView).filter_by(view_menu_id = view_menu_db.id).all()
if lst == []:
pv = self._add_permission_view_menu('menu_access', view_menu)
role_admin = self.session.query(Role).filter_by(name = self.auth_role_admin).first()
self.add_permission_role(role_admin, pv)
def add_permission_role(self, role, perm_view):
if perm_view not in role.permissions:
role.permissions.append(perm_view)
self.session.merge(role)
self.session.commit()
print "Added Permission" , str(perm_view) , " to Role " , role.name
