def check(self, app, environ, start_response):
"""
Should return True if the user has the group or
False if the user doesn't exist or doesn't have the group.
In this implementation group names are case insensitive.
"""
if not environ.get('authkit.users'):
raise no_authkit_users_in_environ
if not environ.get('REMOTE_USER'):
if self.error:
raise self.error
raise NotAuthenticatedError('Not authenticated')
users = environ['authkit.users']
# Check the groups specified when setup actually exist
for group in self.groups:
if group is not None:
if not users.group_exists(group):
raise Exception("No such group %r exists" % group)
if not users.user_exists(environ['REMOTE_USER']):
raise NotAuthorizedError('No such user')
for group in self.groups:
if users.user_has_group(environ['REMOTE_USER'], group):
return app(environ, start_response)
if self.error:
raise self.error
else:
raise NotAuthorizedError(
"User is not a member of the specified group(s) %r" %
self.groups)
def check(self, app, environ, start_response):
if 'user' not in environ:
raise NotAuthenticatedError('Not Authenticated')
if not getattr(environ['user'], 'resident', False):
raise NotAuthorizedError('You are not allowed access.')
return app(environ, start_response)
def check(self, app, environ, start_response):
if 'REMOTE_USER' not in environ:
raise NotAuthenticatedError('Not Authenticated')
if environ['REMOTE_USER'] not in self.users:
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
return app(environ, start_response)
def check(self, app, environ, start_response):
if 'pylons.routes_dict' not in environ:
# TODO: mandar un error acorde
raise NotAuthorizedError('No routes dict')
routesDict = environ['pylons.routes_dict']
if 'REMOTE_USER' not in environ:
raise NotAuthenticatedError('Not Authenticated')
#print "routes: " + routesDict[self.key]
#print "environ: " + environ['REMOTE_USER']
if self.key not in routesDict or \
routesDict[self.key] != environ['REMOTE_USER']:
raise NotAuthorizedError('Not Authorized')
return app(environ, start_response)
def check(self, app, environ, start_response):
if 'REMOTE_USER' not in environ:
raise NotAuthenticatedError('Not Authenticated') # pragma: nocover
environ['user'] = meta.Session.query(model.User).\
filter_by(username=unicode(environ['REMOTE_USER'])).\
first()
if environ['user'] == None:
raise NotAuthorizedError('You are not allowed access.') # pragma: nocover
return app(environ, start_response)
def check(self, app, environ, start_response):
if self.key not in environ:
raise Exception(
"No such key %r in environ so cannot check the host" %
self.key)
if not environ.get(self.key) in self.hosts:
raise NotAuthorizedError('Host %r not allowed' %
environ.get(self.key))
return app(environ, start_response)
def check(self, app, environ, start_response):
if 'authkit.users' not in environ:
raise no_authkit_users_in_environ
if not environ.get('REMOTE_USER'):
raise NotAuthenticatedError('Not Authenticated')
if not environ['authkit.users'].user_exists(environ['REMOTE_USER']):
raise NotAuthorizedError(
'You are not one of the users allowed to access this resource.'
)
return app(environ, start_response)
def check(self, app, environ, start_response):
"""
Should return True if the user has the role or
False if the user doesn't exist or doesn't have the role.
In this implementation role names are case insensitive.
"""
if not environ.get('authkit.users'):
raise no_authkit_users_in_environ
if not environ.get('REMOTE_USER'):
if self.error:
raise self.error
raise NotAuthenticatedError('Not authenticated')
users = environ['authkit.users']
if not users.user_exists(environ['REMOTE_USER']):
raise NotAuthorizedError('No such user')
# Check the groups specified when setup actually exist
for role in self.roles:
if not users.role_exists(role):
raise Exception("No such role %r exists" % role)
if self.all:
for role in self.roles:
if not users.user_has_role(environ['REMOTE_USER'], role):
if self.error:
raise self.error
else:
raise NotAuthorizedError(
"User doesn't have the role %s" % role.lower())
return app(environ, start_response)
else:
for role in self.roles:
if users.user_has_role(environ['REMOTE_USER'], role):
return app(environ, start_response)
if self.error:
raise self.error
else:
raise NotAuthorizedError(
"User doesn't have any of the specified roles")
def check(self, app, environ, start_response):
if 'REMOTE_USER' not in environ:
exc = NotAuthenticatedError('Not Authenticated')
if newstyle_exceptions:
raise exc
else:
raise exc.exception # see webob.exc for more details
elif self.accept_empty == False and not environ['REMOTE_USER']:
exc = NotAuthorizedError('Not Authorized')
if newstyle_exceptions:
raise exc
else:
raise exc.exception # ditto
return app(environ, start_response)
def check(self, app, environ, start_response):
today = datetime.datetime.now()
now = datetime.time(today.hour, today.minute, today.second,
today.microsecond)
error = NotAuthorizedError("Not authorized at this time of day")
if self.end > self.start:
if now >= self.start and now < self.end:
return app(environ, start_response)
else:
raise error
else:
if now < datetime.time(23, 59, 59, 999999) and now >= self.start:
return app(environ, start_response)
elif now >= datetime.time(0) and now < self.end:
return app(environ, start_response)
else:
raise error
def __init__(self, key, error=NotAuthorizedError('Not Authorized')):
self.key = key
self.error = error
def check(self, app, environ, start_response):
if 'REMOTE_USER' not in environ:
raise NotAuthenticatedError('Not Authenticated')
elif self.accept_empty == False and not environ['REMOTE_USER']:
raise NotAuthorizedError('Not Authorized')
return app(environ, start_response)