def check(self, app, environ, start_response): url = request.path fields = dict(request.GET) if fields.has_key('hash'): dburl = URLHash.find_by_hash(fields['hash']).url if dburl is not None: if url.startswith(dburl): return app(environ, start_response) raise NotAuthorizedError( "You are not authorised to view this page" )
def generate_hash(self, id): if not h.auth.authorized( h.auth.Or(h.auth.is_same_zookeepr_attendee(id), h.auth.has_organiser_role, h.auth.has_unique_key())): # Raise a no_auth error h.auth.no_role() url = h.url_for(action='view', id=id) c.hash = URLHash.find_by_url(url=url) if c.hash is None: c.hash = URLHash() c.hash.url = url meta.Session.add(c.hash) meta.Session.commit() # create an entry for the payment page (not needed) # TODO: depending on how the gateway works, you may need to make sure you have permissions for the page you get redirected to #c.hash = URLHash() #c.hash.url = h.url_for(action='pay') #meta.Session.add(c.hash) #meta.Session.commit() return render('/invoice/generate_url.mako')
def generate_hash(self, id): if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_attendee(id), h.auth.has_organiser_role, h.auth.has_unique_key())): # Raise a no_auth error h.auth.no_role() url = h.url_for(action='view', id=id) c.hash = URLHash.find_by_url(url=url) if c.hash is None: c.hash = URLHash() c.hash.url = url meta.Session.add(c.hash) meta.Session.commit() # create an entry for the payment page (not needed) # TODO: depending on how the gateway works, you may need to make sure you have permissions for the page you get redirected to #c.hash = URLHash() #c.hash.url = h.url_for(action='pay') #meta.Session.add(c.hash) #meta.Session.commit() return render('/invoice/generate_url.mako')
def lookup(self, hash): c.hash = URLHash.find_by_hash(hash) if c.hash is None: abort(404, "Sorry, Invalid Hash.") return self.transfer(url=c.hash.url)