def _get_display(my): # set up the security object from pyasm.security import Security, Sudo from pyasm.biz import Project from pyasm.web import WebContainer web = WebContainer.get_web() security = Security() security = my.handle_security(security) is_logged_in = security.is_logged_in() # guest mode # allow_guest = Config.get_value("security", "allow_guest") if allow_guest == 'true': allow_guest = True else: allow_guest = False guest_mode = Config.get_value("security", "guest_mode") if not guest_mode: guest_mode = 'restricted' #allow_guest = True #guest_mode = "full" # if not logged in, then log in as guest if not is_logged_in: if not allow_guest: return my.handle_not_logged_in() else: # login as guest security = Security() my.handle_guest_security(security) # for here on, the user is logged in login_name = Environment.get_user_name() # check if the user has permission to see this project project = web.get_context_name() if project == 'default': override_default = Config.get_value("install", "default_project") if override_default: project = override_default if project != 'default': security_version = get_security_version() if security_version == 1: default = "view" access = security.check_access("project", project, "view", default="view") else: default = "deny" key = { "code": project } key2 = { "code": "*" } #keys = [key] keys = [key, key2] access = security.check_access("project", keys, "allow", default=default) else: # you always have access to the default project access = True access = True if not access: if login_name == "guest": from pyasm.widget import WebLoginWdg msg = web.get_form_value(WebLoginWdg.LOGIN_MSG) if not msg: msg = "User [%s] is not allowed to see this project [%s]" % (login_name, project) web.set_form_value(WebLoginWdg.LOGIN_MSG, msg) return my.handle_not_logged_in(allow_change_admin=False) else: from pyasm.widget import WebLicenseWdg, BottomWdg, Error403Wdg widget = Widget() top = my.get_top_wdg() widget.add( top ) widget.add( Error403Wdg() ) widget.add( BottomWdg() ) widget.get_display() return if login_name == 'guest' and guest_mode == "full": # some extra security for guest users guest_url_allow = Config.get_value("security", "guest_url_allow") if guest_url_allow: items = guest_url_allow.split("|") allowed = False if my.hash: url = my.hash[0] else: url = "index" for item in items: item = item.strip("/") if item == url: allowed = True break if not allowed: return my.handle_not_logged_in() # some extra precautions in guest mode if login_name == 'guest' and guest_mode != "full": # show a restricted guest mode from pyasm.widget import WebLoginWdg, BottomWdg from tactic.ui.app import TitleTopWdg from pyasm.biz import Project from tactic.ui.panel import HashPanelWdg web = WebContainer.get_web() widget = Widget() top = TitleTopWdg() widget.add(top) body = top.get_body() body.add_gradient("background", "background", 5, -20) body.add_color("color", "color") # get the project from the url because we are still # in the admin project at this stage current_project = web.get_context_name() try: if current_project != "default": project = Project.get_by_code(current_project) assert project except Exception, e: web_wdg = None else: if not current_project or current_project == "default": current_project = Config.get_value("install", "default_project") if current_project and current_project != "default": Project.set_project(current_project) web_wdg = HashPanelWdg.get_widget_from_hash("/guest", return_none=True) if web_wdg: web_wdg = web_wdg.get_buffer_display() top.add(web_wdg) else: web_wdg = None if not web_wdg: msg = "No widget for Guest defined" web.set_form_value(WebLoginWdg.LOGIN_MSG, msg) top.add(WebLoginWdg() ) # create a web app and run it through the pipeline web_app = WebApp() web_app.get_display(widget) return
# for here on, the user is logged in login_name = Environment.get_user_name() # check if the user has permission to see this project project = web.get_context_name() if project == 'default': override_default = Project.get_default_project() if override_default: project = override_default if project != 'default': security_version = get_security_version() if security_version == 1: default = "view" access = security.check_access("project", project, "view", default="view") else: default = "deny" key = { "code": project } key2 = { "code": "*" } #keys = [key] keys = [key, key2] access = security.check_access("project", keys, "allow", default=default) else: # you always have access to the default project access = True access = True if not access: if login_name == "guest":
# for here on, the user is logged in login_name = Environment.get_user_name() # check if the user has permission to see this project project = web.get_context_name() if project == 'default': override_default = Project.get_default_project() if override_default: project = override_default if project != 'default': security_version = get_security_version() if security_version == 1: default = "view" access = security.check_access("project", project, "view", default="view") else: default = "deny" key = {"code": project} key2 = {"code": "*"} #keys = [key] keys = [key, key2] access = security.check_access("project", keys, "allow", default=default) else: # you always have access to the default project access = True