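def admin():
    """Return the admin page body for an authenticated "admin" user.

    Calls abort(401) when cas.validate() yields no username, and abort(403)
    when the username has no User record or the record's user_type is not
    "admin". Relies on abort() not returning.
    """
    username = cas.validate()
    # The original tested the misspelled name `uername`, which raised
    # NameError on every request before the check could run.
    if not username:
        abort(401)
    user = sess.query(User).get(username)
    # A validated login without a local record has no role to check; deny
    # it explicitly instead of failing on the attribute access.
    if user is None or user.user_type != "admin":
        abort(403)
    return "foobar"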
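def require_auth(user_type=None):
    """Abort the request unless the caller is authenticated and authorised.

    Args:
        user_type: Required role, either "admin" or "user". With the
            default of None only a validated CAS login is required and no
            User record is looked up.

    Calls abort(401) when cas.validate() returns None, abort(500) when
    user_type is not one of the known roles (a caller error), and
    abort(403) when the username has no User record or its user_type
    differs from the requested one. Returns None when every check passes.
    Relies on abort() not returning.
    """
    username = cas.validate()
    if username is None:
        abort(401)
    if user_type is None:
        return
    if user_type not in ('admin', 'user'):
        abort(500)
    user = sess.query(User).get(username)
    # A validated login without a local record previously raised
    # AttributeError here; treat it as forbidden instead.
    if user is None:
        abort(403)
    # Exact match only: an "admin" record does not satisfy user_type="user".
    if user.user_type != user_type:
        abort(403)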
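def home():
    """Render home.html with the current visitor's user type.

    A visitor for whom cas.validate() returns None is rendered with
    user_type "anon". A validated username with no User record is rejected
    with abort(403); otherwise the record's user_type is passed to the
    template. Relies on abort() not returning.
    """
    username = cas.validate()
    if username is None:
        user_type = "anon"
    else:
        user = sess.query(User).get(username)
        if user is None:
            # Unknown users are rejected rather than given a default role.
            abort(403)
        user_type = user.user_type
    app.logger.debug("username = %r\n", username)
    # Log only whether the CAS token is present. The original wrote the
    # token value itself to the debug log; session tokens should stay out
    # of log files, which are usually readable by more people than the
    # session store is.
    if "_cas_token" in session:
        app.logger.debug("_cas_token is set")
    else:
        app.logger.debug("_cas_token not set")
    return render_response("home.html", context=dict(user_type=user_type))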