예제 #1
파일: policy.py 프로젝트: pontiflex/trustme
def check_creds(request, caps=[None]):
	"""Return the capabilities from *caps* that this request validly presents.

	A capability is kept when both conditions hold:

	* its digest, computed by the function obtained from
	  ``AccessCapability.present(<session CSRF token>)``, is among the
	  values posted under ``AUTH_POST_KEY``;
	* it is ``None`` or its ``user`` equals the authenticated user.

	caps: capabilities to test. The default ``[None]`` tests only the
		``None`` capability. Passing ``None`` explicitly selects
		``AccessCapability.usable(user=...)`` for the authenticated user,
		or ``[None]`` when no user is authenticated.

	Returns a new list; an empty list means nothing was validly presented.
	"""
	current_user = User.authenticated(request)
	token_for = AccessCapability.present(request.session.get_csrf_token())
	posted = set(request.POST.getall(AUTH_POST_KEY))

	# The shared default list is only ever rebound here, never mutated.
	if caps is None:
		if current_user is None:
			caps = [None]
		else:
			caps = AccessCapability.usable(user=current_user)

	accepted = []
	for cap in caps:
		# The digest must have been posted before ownership is considered.
		if token_for(cap) not in posted:
			continue
		# Ownership check: a capability belonging to a different user is
		# rejected even if its digest was posted.
		if cap is None or cap.user == current_user:
			accepted.append(cap)
	return accepted
예제 #2
파일: policy.py 프로젝트: pontiflex/trustme
def capability_finder(userid, request):
	"""Build the list of principals for *userid* on this request.

	The result always starts with ``Everyone``. When ``User.get(userid)``
	finds a user, it also contains ``'user:<userid>'``, ``Authenticated``
	and one ``'capability:<action class name>:<access type>'`` entry for
	every posted token that ``AccessCapability.presented`` resolves to a
	capability.

	NOTE(review): an unknown userid yields ``[Everyone]`` rather than
	``None``. If this is wired in as a Pyramid authentication-policy
	callback, a non-None return makes the policy treat the userid as
	authenticated -- confirm how the caller interprets the return value.
	"""
	principals = [Everyone]

	user = User.get(userid)
	if user is None:
		# No such user: grant nothing beyond the Everyone principal.
		return principals

	principals.append('user:%s' % userid)
	principals.append(Authenticated)

	# Tokens posted by the client, and the lookup that maps a token back to
	# a capability (None when the token does not resolve to one).
	tokens = request.POST.getall(AUTH_POST_KEY)
	presented = AccessCapability.presented(user, request.session.get_csrf_token())

	for token in tokens:
		cap = presented(token)
		if cap is None:
			# Unrecognised token: contributes no principal.
			continue
		principals.append('capability:%s:%s' % (cap.action_class.__name__, cap.access_type))
	return principals
예제 #3
파일: policy.py 프로젝트: pontiflex/trustme
def offer_creds(request, caps=[None]):
	"""Render one hidden form input per capability in *caps*.

	Each input is named ``AUTH_POST_KEY`` and carries the capability's
	digest, computed by the function obtained from
	``AccessCapability.present(<session CSRF token>)``. The concatenated
	markup is wrapped in ``HTML(...)`` before being returned.

	caps: capabilities to offer; the default ``[None]`` emits a single
		input holding the digest of ``None``.
	"""
	token_for = AccessCapability.present(request.session.get_csrf_token())
	field = '<input type="hidden" name="%s" value="%s" />\n'
	# NOTE(review): both values are interpolated without HTML escaping. That
	# is only safe if AUTH_POST_KEY and the digest output can never contain
	# quotes or angle brackets -- confirm against AccessCapability.present.
	markup = ''.join([field % (AUTH_POST_KEY, token_for(cap)) for cap in caps])
	return HTML(markup)