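def _login(request, filter_, pwd, remote_addr):
    """
    Performs login.

    Called by the ``login_by...`` functions which initialise the filter.

    :param request: Current request; its registry broadcasts the
        ``BeforeUserLoggedIn`` and ``UserLoggedIn`` events.
    :param filter_: List of query criteria that identify the account. The
        list is copied, the caller's object is left untouched.
    :param pwd: Password as supplied by the client.
    :param remote_addr: Client address, stored as ``login_ip``.
    :returns: The ``User`` instance that has been logged in.
    :raises AuthError: If no enabled, unblocked user matches the criteria,
        or if the password does not verify.
    """
    # Work on a copy: appending to the caller's list would leak the two
    # extra criteria into any later reuse of that list.
    criteria = list(filter_)
    # ``==`` is intentional, these build SQL expressions, not Python bools.
    criteria.append(User.is_enabled == True)  # noqa: E712
    criteria.append(User.is_blocked == False)  # noqa: E712
    sess = DbSession()
    try:
        # one() also raises MultipleResultsFound for ambiguous criteria;
        # that is not handled here and propagates to the caller.
        u = sess.query(User).filter(and_(*criteria)).one()
    except NoResultFound:
        # NOTE(review): this message differs from the 'Wrong credentials'
        # one below, and this path returns before any hash is computed.
        # If a view shows the message to the client, or response time is
        # observable, account existence can be inferred. Confirm callers
        # map both failures to one generic reply. If pwd_context is a
        # passlib CryptContext, its dummy_verify() can even out the timing.
        raise AuthError('User not found')
    # The account exists. Broadcast this so that preparations can take
    # place before the user is actually logged in.
    # NOTE(review): this event fires BEFORE the password is checked, so
    # subscribers must not treat it as proof of authentication.
    request.registry.notify(BeforeUserLoggedIn(request, u))
    # Now verify the supplied password against the stored hash.
    # NOTE(review): no failed-attempt counter or throttling is visible in
    # this function; presumably handled elsewhere, verify.
    if not pym.security.pwd_context.verify(pwd, u.pwd):
        raise AuthError('Wrong credentials')
    # Authentication succeeded: save some stats.
    u.login_time = datetime.datetime.now()
    u.login_ip = remote_addr
    u.logout_time = None
    u.editor_id = SYSTEM_UID
    request.registry.notify(UserLoggedIn(request, u))
    return u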
def __acl__(self):
    """
    ACL for Pyramid's authorization policy.

    Each entry of ``self.acl`` is converted with ``to_pyramid_ace()`` and
    is followed by derived entries that repeat its first two fields for
    every parent permission (allow entries) or every child permission
    (deny entries).

    :returns: List of ACEs, in the order of ``self.acl``.
    """
    sess = sa.inspect(self).session
    # An object can lose its session, e.g. when the current request raised
    # an exception (which closes the session) and Pyramid then redirects to
    # an error page that uses DB objects again. Without a session that fails
    # with a DetachedInstanceError or with the object's session being None,
    # so attach ourselves to a fresh session.
    if not sess:
        sess = DbSession()
        sess.add(self)
    perms = pam.Permission.load_all(sess)
    # NOTE(review): Pyramid's ACL policy stops at the first ACE that matches
    # principal and permission, so the order of self.acl decides whether a
    # deny can be shadowed by an earlier allow. Confirm the collection is
    # loaded in a defined order.
    # NOTE(review): an allow is extended to every *parent* permission.
    # Confirm that "parent" means "implied by this permission"; if a parent
    # is the broader right, this widens the grant.
    acl = []
    for ace in self.acl:
        pyr_ace = ace.to_pyramid_ace(perms)
        acl.append(pyr_ace)
        if ace.allow:
            # Allow: propagate to all parents (there may be none).
            related = perms[ace.permission_id]['parents'] or ()
        else:
            # Deny: propagate to all children.
            related = perms[ace.permission_id]['children']
        acl.extend(
            (pyr_ace[0], pyr_ace[1], rel['name']) for rel in related
        )
    return acl
def __acl__(self):
    """
    ACL for Pyramid's authorization policy.

    Converts the entries of ``self.acl`` with ``to_pyramid_ace()``. An
    allow entry is repeated for each parent permission, a deny entry for
    each child permission.

    :returns: List of ACEs, in the order of ``self.acl``.
    """
    sess = sa.inspect(self).session
    # We may have lost our session: if the current request raised an
    # exception, the session was closed, and the error page Pyramid
    # redirects to uses DB objects again. That fails with a
    # DetachedInstanceError or with the object's session being None, so
    # bind ourselves to a new session.
    if not sess:
        sess = DbSession()
        sess.add(self)
    perms = pam.Permission.load_all(sess)
    # NOTE(review): the first ACE matching principal and permission wins in
    # Pyramid's ACL policy, so the order of self.acl is security-relevant.
    # Confirm it is deterministic and that denies are not shadowed.
    # NOTE(review): granting all parents on an allow widens the grant if
    # "parent" is the broader permission. Confirm the hierarchy direction.
    result = []
    for entry in self.acl:
        base = entry.to_pyramid_ace(perms)
        result.append(base)
        if entry.allow:
            # If allow, allow all parents (skipped when there are none)
            related = perms[entry.permission_id]['parents'] or ()
        else:
            # If deny, deny all children
            related = perms[entry.permission_id]['children']
        for rel in related:
            # Index 1 is presumably the permission name; verify against
            # Permission.load_all().
            result.append((base[0], base[1], rel[1]))
    return result
def logout(request, uid):
    """
    Performs logout.

    Clears the login statistics of the user with ID ``uid``, stamps the
    logout time and broadcasts ``UserLoggedOut``.

    :param request: Current request; its registry broadcasts the event.
    :param uid: ID of the user to log out.
    :returns: The updated ``User`` instance.
    """
    # one() lets NoResultFound propagate for an unknown uid; it is not
    # translated into AuthError here.
    user = DbSession().query(User).filter(User.id == uid).one()
    # NOTE(review): only bookkeeping columns change in this function. The
    # auth ticket / server-side session are not touched here; presumably
    # the calling view invalidates them. Verify, otherwise the client
    # stays authenticated after "logout".
    for cleared in ('login_ip', 'login_time', 'access_time'):
        setattr(user, cleared, None)
    user.logout_time = datetime.datetime.now()
    user.editor_id = SYSTEM_UID
    request.registry.notify(UserLoggedOut(request, user))
    return user
def load_by_principal(principal):
    """
    Loads a user instance by principal.

    The query goes through the ``auth_short_term`` cache under the key
    ``auth:user:<principal>``.

    :param principal: Principal to look up.
    :returns: The matching ``User`` instance.
    :raises AuthError: If no user has this principal.
    """
    sess = DbSession()
    cached = FromCache(
        "auth_short_term",
        cache_key='auth:user:{}'.format(principal)
    )
    # NOTE(review): unlike the login query, this lookup does not filter on
    # is_enabled / is_blocked, and the result may be served from the cache.
    # A user who is blocked or disabled after login can keep resolving
    # until the cache entry expires, unless callers re-check those flags or
    # the entry is invalidated on change. Confirm.
    lookup = sess.query(User).options(cached).filter(
        User.principal == principal
    )
    try:
        return lookup.one()
    except NoResultFound:
        raise AuthError("User not found by principal '{}'".format(principal))
def __init__(self, context, request):
    """
    Stores context and request, opens a DB session and prepares the URLs.

    :param context: Context resource of the current request.
    :param request: Current request.
    """
    # NOTE(review): the translator of THIS request is written to a
    # module-level name. With concurrent requests, another thread may pick
    # up the locale of a different user; a per-instance attribute would
    # avoid that, but other code in the module may depend on the global.
    global _tr
    _tr = request.localizer.translate
    self.context = context
    self.request = request
    self.sess = DbSession()
    self.urls = {
        'entity_rest_url': request.resource_path(context, 'xhr'),
    }
def get_current_user(request):
    """
    Builds the user object for the current request.

    This function is used as a request method to reify a user object to
    the request object as property ``user``.

    :param request: Current request.
    :returns: A ``CurrentUser``; it is loaded by principal only if the
        request carries one.
    """
    # NOTE(review): unauthenticated_userid() yields the *claimed* user id
    # from the request's credentials; the authentication policy's callback
    # is not consulted. Whether a user who was deleted or blocked in the
    # meantime is rejected therefore depends on load_by_principal() below.
    # Confirm it checks the account state.
    principal = pyramid.security.unauthenticated_userid(request)
    sess = DbSession()
    settings_rc = request.registry.settings['rc']
    # The user class is configurable via the 'auth.class.user' setting.
    user_class = _dnr.resolve(settings_rc.g('auth.class.user'))
    current = CurrentUser(sess, request, user_class)
    if principal is None:
        return current
    current.load_by_principal(principal)
    return current
def root_factory(request):
    """
    Root factory: loads the resource node named 'root'.

    :param request: Current request (not used).
    :returns: Whatever ``ResourceNode.load_root()`` returns for 'root'.
    """
    # The node is loaded with a fresh session on every call.
    return ResourceNode.load_root(DbSession(), 'root')