def init_app(acl, app, mtjacl_sessions=True,
             permission_denied_handler=handle_permission_denied, *a, **kw):
    """Attach the ACL backend ``acl`` to ``app`` through a ``Principal``.

    Args:
        acl: Backend object; this function calls its
            ``getUserFromAccessToken`` and ``getUserRoles`` methods.
        app: Application to configure.
        mtjacl_sessions: When true, register the ACL session identity
            loader and saver on the principal.
        permission_denied_handler: If callable, installed as the error
            handler for ``PermissionDenied``.
        *a, **kw: Passed through to ``Principal``.
    """
    # The extension's built-in session handling is switched off; identity
    # persistence is handled by the loader/saver registered further down.
    principal = Principal(app, use_sessions=False, *a, **kw)

    @identity_loaded.connect_via(app)
    def on_identity_loaded(sender, identity):
        # Only AclIdentity instances are handled; others pass untouched.
        if not isinstance(identity, AclIdentity):
            return

        # The identity carries the raw access token; no token means the
        # request is treated as anonymous.
        token = identity.access_token
        user = (
            anonymous if token is None
            else acl.getUserFromAccessToken(token)
        )
        # NOTE(review): if the backend can return None for an unknown or
        # expired token, that value is cached below and then reaches
        # getUserRoles() and user.login -- confirm it returns `anonymous`
        # or raises instead.

        # Cache the resolved user on the request context.
        g.mtj_user = user

        if user is not anonymous:
            # TODO figure out how to do lazy loading of roles.
            for role_name in acl.getUserRoles(user):
                identity.provides.add(RoleNeed(role_name))
            identity.id = user.login

    if mtjacl_sessions:
        principal.identity_loader(acl_session_identity_loader)
        principal.identity_saver(acl_session_identity_saver)

    app.config['MTJ_ACL'] = acl

    # A non-callable handler (e.g. None) leaves PermissionDenied without a
    # handler installed here.
    if callable(permission_denied_handler):
        register_handler = app.errorhandler(PermissionDenied)
        register_handler(permission_denied_handler)

    app.before_request(_on_before_request(acl))
def _get_principal(app):
    """Return a ``Principal`` for ``app`` that loads via ``_identity_loader``.

    The principal is created with ``use_sessions=False``, so
    ``_identity_loader`` is the only identity loader registered here.
    """
    principal = Principal(app, use_sessions=False)
    principal.identity_loader(_identity_loader)
    return principal
def get_principals(app):
    """Return a ``Principal`` for ``app`` with ``load_identity`` registered.

    ``use_sessions`` is not passed, so the extension's default applies.
    """
    # NOTE(review): assuming this is Flask-Principal's Principal, the default
    # keeps session-backed identity loading/saving enabled alongside
    # load_identity -- confirm that is intended.
    principal = Principal(app)
    principal.identity_loader(load_identity)
    return principal