def __init__(self, application): settings = get_appsettings(self._config_file) engine = engine_from_config(settings, "sqlalchemy.") DBSession.configure(bind=engine) Base.metadata.bind = engine self.session_factory = session_factory_from_settings(settings)
def authorize(self, doc_id): doc = Doc.by_id(doc_id) if doc is None: # return the empty set of permissions return DENY identity = User.by_id(self.user_id) # first, check if we're the project owner if doc.owner == identity: return WRITER acl = DBSession.query(ProjectACLEntry).filter( ProjectACLEntry.user == identity, ProjectACLEntry.project == doc.project ).first() if acl is None: return DENY return { ProjectACLEntry.READER: READER, ProjectACLEntry.WRITER: WRITER }.get(acl.level, DENY)