def __acl__(self):
"""
ACL for Pyramid's authorization policy.
"""
sess = sa.inspect(self).session
# Bind ourselves to a new session in case we'd lost our session. This
# may happen if the current request created an exception, which closes
# the current session, and Pyramid redirects to an error page. That
# error page again uses DB objects, but since the session had been
# closed, it fails with a DetachedInstanceError, or and object's session
# being None.
if not sess:
sess = DbSession()
sess.add(self)
acl = []
perms = pam.Permission.load_all(sess)
# Convert self.acl into Pyramid's ACL
for ace in self.acl:
pyr_ace = ace.to_pyramid_ace(perms)
acl.append(pyr_ace)
# If allow, allow all parents
if ace.allow:
if perms[ace.permission_id]['parents']:
for p in perms[ace.permission_id]['parents']:
pyr_ace2 = (pyr_ace[0], pyr_ace[1], p[1])
acl.append(pyr_ace2)
# If deny, deny all children
else:
for ch in perms[ace.permission_id]['children']:
pyr_ace2 = (pyr_ace[0], pyr_ace[1], ch[1])
acl.append(pyr_ace2)
return acl
def __init__(self, context, request):
global _tr
_tr = request.localizer.translate
self.context = context
self.request = request
self.sess = DbSession()
self.urls = dict(entity_rest_url=request.resource_path(context, 'xhr'))
def get_current_user(request):
"""
This method is used as a request method to reify a user object
to the request object as property ``user``.
"""
#mlgg.debug("get user: {}".format(request.path))
principal = pyramid.security.unauthenticated_userid(request)
sess = DbSession()
rc = request.registry.settings['rc']
user_class = _dnr.resolve(
rc.g('auth.class.user'))
cusr = CurrentUser(sess, request, user_class)
if principal is not None:
cusr.load_by_principal(principal)
return cusr
def root_factory(request):
#return root_node
sess = DbSession()
n = ResourceNode.load_root(sess, 'root')
return n
