def check_creds(request, caps=[None]):
    """Return the capabilities in *caps* whose digest was posted with the request.

    A capability is accepted only if the value produced for it by the callable
    from ``AccessCapability.present(<session CSRF token>)`` appears among the
    POST values under ``AUTH_POST_KEY``, and the capability is either ``None``
    or belongs to the user authenticated on this request.

    Passing ``caps=None`` checks ``[None]`` for an unauthenticated request and
    ``AccessCapability.usable(user=user)`` otherwise. The default ``[None]``
    list is shared between calls but is never mutated here.
    """
    current_user = User.authenticated(request)
    digest_of = AccessCapability.present(request.session.get_csrf_token())
    # Tokens are read from the POST body only.
    posted = set(request.POST.getall(AUTH_POST_KEY))

    if caps is None:
        if current_user is None:
            caps = [None]
        else:
            caps = AccessCapability.usable(user=current_user)
    # NOTE(review): caller-supplied caps are not passed through
    # AccessCapability.usable; only the ownership check below applies to
    # them. Confirm callers hand in currently valid capabilities only.

    accepted = []
    for cap in caps:
        # NOTE(review): set membership is not a constant-time comparison;
        # whether that matters depends on how AccessCapability.present
        # derives the value. Confirm.
        if digest_of(cap) not in posted:
            continue
        # A capability bound to a different user is rejected even when its
        # digest was posted.
        if cap is None or cap.user == current_user:
            accepted.append(cap)
    return accepted
def capability_finder(userid, request):
    """Build the list of principals for *userid* on this request.

    The list always starts with ``Everyone``. When ``User.get(userid)`` finds
    a user, ``'user:<userid>'`` and ``Authenticated`` are added. Each POST
    value under ``AUTH_POST_KEY`` is then resolved through the lookup returned
    by ``AccessCapability.presented(user, <session CSRF token>)``; every value
    that resolves to a capability adds a
    ``'capability:<action class name>:<access_type>'`` principal.
    """
    # Everyone is granted unconditionally.
    principals = [Everyone]

    # Only an id that maps to an existing user earns the per-user and
    # Authenticated principals.
    user = User.get(userid)
    if user is not None:
        principals += ['user:%s' % userid, Authenticated]

    # NOTE(review): this layout runs the token lookup even when no user was
    # found, so AccessCapability.presented receives user=None in that case.
    # Confirm this matches the intended nesting.
    posted_tokens = request.POST.getall(AUTH_POST_KEY)
    lookup = AccessCapability.presented(user, request.session.get_csrf_token())

    # A posted token that the lookup does not resolve (None) grants nothing.
    for token in posted_tokens:
        cap = lookup(token)
        if cap is None:
            continue
        principals.append(
            'capability:%s:%s' % (cap.action_class.__name__, cap.access_type)
        )
    return principals
def offer_creds(request, caps=[None]):
    """Render one hidden ``<input>`` per capability in *caps*.

    Each field is named ``AUTH_POST_KEY`` and carries the value produced for
    the capability by the callable from
    ``AccessCapability.present(<session CSRF token>)``. The concatenated
    markup is passed to ``HTML`` and that result is returned. The default
    ``[None]`` list is shared between calls but is never mutated here.
    """
    digest_of = AccessCapability.present(request.session.get_csrf_token())
    # NOTE(review): both values are interpolated without HTML-escaping. This
    # is safe only if AUTH_POST_KEY and the digest contain attribute-safe
    # characters (e.g. a hex string). Confirm, and confirm how HTML (defined
    # outside this block) treats its argument.
    field = '<input type="hidden" name="%s" value="%s" />\n'
    markup = ''.join([field % (AUTH_POST_KEY, digest_of(cap)) for cap in caps])
    return HTML(markup)