def _secure_tile(tile, permission, authn_policy, authz_policy, strict):
"""wraps tile and does security checks.
"""
wrapped_tile = tile
if not authn_policy and not authz_policy:
return tile
def _secured_tile(context, request):
principals = authn_policy.effective_principals(request)
if authz_policy.permits(context, principals, permission):
return tile(context, request)
msg = getattr(request, 'authdebug_message',
'Unauthorized: tile %s failed permission check' % tile)
if strict:
raise Forbidden(msg)
settings = request.registry.settings
if settings.get('debug_authorization', False):
logger = request.registry.getUtility(IDebugLogger)
logger.debug(msg)
return u''
_secured_tile.__call_permissive__ = tile
def _permitted(context, request):
principals = authn_policy.effective_principals(request)
return authz_policy.permits(context, principals, permission)
_secured_tile.__permitted__ = _permitted
wrapped_tile = _secured_tile
preserve_view_attrs(tile, wrapped_tile)
return wrapped_tile
msg = getattr(request, 'authdebug_message',
'Unauthorized: tile %s failed permission check' % tile)
if strict:
raise Forbidden(msg)
settings = get_settings()
if settings.get('debug_authorization', False):
logger = IDebugLogger()
logger.debug(msg)
return u''
_secured_tile.__call_permissive__ = tile
def _permitted(context, request):
principals = authn_policy.effective_principals(request)
return authz_policy.permits(context, principals, permission)
_secured_tile.__permitted__ = _permitted
wrapped_tile = _secured_tile
preserve_view_attrs(tile, wrapped_tile)
return wrapped_tile
# Registration
def registerTile(name, path=None, attribute='render',
interface=Interface, class_=Tile,
permission='view', strict=True, _level=2):
"""registers a tile.
``name``
identifier of the tile (for later lookup).
``path``
either relative path to the template or absolute path or path prefixed
by the absolute package name delimeted by ':'. If ``path`` is used
``attribute`` is ignored.