def check_authentication(self, *args, **kwargs):
    """Require a valid session token and attach its user to the handler.

    The token is obtained with ``read_token(self)`` and checked with
    ``ValidateSessionTokenCommand``. When the check passes, the user
    resolved from the token is stored on ``self.user``. When an
    ``AuthenticationException`` is raised anywhere in that sequence,
    ``self.abort(401)`` is called.

    ``*args`` and ``**kwargs`` are accepted but not used here.
    """
    try:
        token = read_token(self)
        token_is_valid = ValidateSessionTokenCommand(session_token=token).execute()
        if not token_is_valid:
            raise AuthenticationException("Invalid Session Token provided")

        # The token passed validation: resolve the user it belongs to.
        authenticated_user = SessionToken.get_user_from_session_token(
            session_token_id=token
        )
        self.user = authenticated_user
    except AuthenticationException:
        # NOTE(review): nothing follows this call, so rejecting the request
        # depends on self.abort() raising rather than returning -- confirm.
        self.abort(401)
def check_permissions(self, *args, **kwargs):
    """Authorize the caller against an invite before the handler runs.

    Steps, in order:

    1. Read ``invite_id`` from the request and load the invite.
    2. If the required ``permissions`` include ``InvitePermission.Attendee``
       or ``InvitePermission.Organizer``, also read ``invite_attendee_id``.
    3. Resolve the current user from the session token when one is present
       and valid; otherwise the user stays ``None``.
    4. Run ``ValidateInvitePermissionsCommand``; on success store the
       resolved user (possibly ``None``) on ``self.user``.

    ``permissions`` is not defined in this block; presumably it is a closure
    variable supplied by an enclosing decorator -- confirm. ``*args`` is
    unused; ``kwargs`` is forwarded to ``read_parameter_from_request``.

    Raises:
        Exception: when no invite matches ``invite_id``. It is not an
            ``AuthenticationException``, so the handler below does not
            turn it into a 401.
        AuthenticationException: re-raised if ``self.abort(401)`` returns.
    """
    try:
        # NOTE(review): the meaning of safe=False is not visible here; verify
        # it does not relax validation of this request-supplied identifier.
        invite_id = read_parameter_from_request(
            'invite_id', self, kwargs=kwargs, safe=False
        )
        invite = Invite.get_by_unique_id(invite_id)
        if not invite:
            # NOTE(review): this runs before any authorization check and fails
            # differently from the 401 path, so responses may reveal whether
            # an invite id exists -- confirm that is acceptable.
            raise Exception(
                "This is not a valid Event. "
                "Please check the url you're trying to access"
            )

        needs_attendee_id = (
            InvitePermission.Attendee in permissions
            or InvitePermission.Organizer in permissions
        )
        # NOTE(review): kwargs is passed positionally here but by keyword in
        # the invite_id lookup above -- confirm the third positional
        # parameter of read_parameter_from_request is kwargs.
        invite_attendee_id = (
            read_parameter_from_request('invite_attendee_id', self, kwargs)
            if needs_attendee_id
            else None
        )

        # A missing or invalid session token is not an error on this path;
        # the caller is simply treated as having no user.
        token = read_token(self)
        current_user = None
        if token and ValidateSessionTokenCommand(session_token=token).execute():
            current_user = SessionToken.get_user_from_session_token(
                session_token_id=token
            )

        # NOTE(review): when current_user is None the decision presumably
        # rests on the request-supplied invite_attendee_id alone; confirm the
        # command treats it as an unguessable credential, not a plain id.
        permitted = ValidateInvitePermissionsCommand(
            invite,
            current_user=current_user,
            invite_attendee_id=invite_attendee_id,
            permissions=permissions
        ).execute()
        if not permitted:
            raise AuthenticationException("You dont have the permissions to modify the current Event")

        self.user = current_user
    except AuthenticationException as e:
        self.abort(401)
        # Reached only if abort() returns instead of raising; re-raising keeps
        # the request from continuing without authorization.
        raise e