Exemple #1
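    def check_authentication(self, *args, **kwargs):
        """Authenticate the request from its session token and set ``self.user``.

        Reads the token with ``read_token(self)``, validates it through
        ``ValidateSessionTokenCommand`` and, when it is valid, stores the user
        returned by ``SessionToken.get_user_from_session_token`` on the
        handler. An ``AuthenticationException`` ends in ``self.abort(401)``.

        ``*args`` and ``**kwargs`` are accepted but not used in this body.
        Only ``AuthenticationException`` is handled here; any other exception
        raised by the helpers propagates to the caller.
        """
        try:
            session_token = read_token(self)

            if not ValidateSessionTokenCommand(session_token=session_token).execute():
                raise AuthenticationException("Invalid Session Token provided")

            # Token validated: bind the owning user to the handler.
            # NOTE(review): the lookup result is stored without a None check;
            # confirm the lookup cannot return None for a token that validated.
            self.user = SessionToken.get_user_from_session_token(
                session_token_id=session_token
            )

        except AuthenticationException:
            # The Python-2-only `except X, e` form is dropped (the binding was
            # unused), so this clause parses on both Python 2 and Python 3.
            # NOTE(review): rejection depends on self.abort(401) raising. If
            # abort ever returns, this method returns normally with self.user
            # unassigned and the caller may carry on - confirm abort's contract.
            self.abort(401)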
Exemple #2
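        def check_permissions(self, *args, **kwargs):
            """Check the caller's permissions on an invite and set ``self.user``.

            Loads the invite named by the ``invite_id`` request parameter,
            optionally reads ``invite_attendee_id``, resolves the current user
            from the session token when one validates, and asks
            ``ValidateInvitePermissionsCommand`` for the decision. A refusal
            raises ``AuthenticationException``, which is answered with
            ``self.abort(401)``.

            ``permissions`` is not defined in this function; presumably it is
            bound by an enclosing decorator - confirm against the outer scope.
            ``*args`` is accepted but not used in this body.
            """
            try:
                # NOTE(review): the meaning of safe=False is not visible here;
                # confirm how a missing invite_id is reported.
                invite_id = read_parameter_from_request('invite_id', self, kwargs=kwargs, safe=False)
                invite = Invite.get_by_unique_id(invite_id)
                if not invite:
                    # A plain Exception is not caught by the handler below, so
                    # an unknown invite does not become a 401 in this function.
                    raise Exception(
                        "This is not a valid Event. "
                        "Please check the url you're trying to access"
                    )

                invite_attendee_id = None
                if InvitePermission.Attendee in permissions or InvitePermission.Organizer in permissions:
                    # NOTE(review): this identifier comes from the request.
                    # Whether it is checked against the invite and the caller
                    # is decided inside ValidateInvitePermissionsCommand, which
                    # is not visible here - confirm it does not trust the value.
                    invite_attendee_id = read_parameter_from_request('invite_attendee_id', self, kwargs)

                current_user = None

                session_token = read_token(self)

                # A missing or invalid token is not rejected at this point: the
                # caller stays anonymous (current_user is None) and the
                # permission command below makes the decision.
                if session_token and ValidateSessionTokenCommand(
                    session_token=session_token
                ).execute():
                    current_user = SessionToken.get_user_from_session_token(
                        session_token_id=session_token
                    )

                if not ValidateInvitePermissionsCommand(
                    invite,
                    current_user=current_user,
                    invite_attendee_id=invite_attendee_id,
                    permissions=permissions
                ).execute():
                    # NOTE(review): an authenticated caller who lacks the
                    # permission also receives 401 through this path; 403 is
                    # the usual status for that case - confirm what clients expect.
                    raise AuthenticationException("You dont have the permissions to modify the current Event")

                # Assigned only after the permission check has passed.
                self.user = current_user
            except AuthenticationException as e:
                # `as e` replaces the Python-2-only `except X, e` form; it
                # parses on Python 2.6+ and Python 3.
                self.abort(401)
                # Reached only if abort() returns instead of raising:
                # re-raising keeps the request from continuing.
                raise e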