def update(self):
    """Prepare the response for a forbidden request.

    Resolves a context for the view (``request.context``, then
    ``request.root``, then a root built by the registered root factory)
    and stores it as ``self.__parent__``.  An anonymous visitor is
    redirected to the login page with the current URL in ``came_from``;
    an authenticated one gets the HTTPForbidden status code.
    """
    req = self.request

    # Resolve the context: request.context, then request.root, then a
    # root built by the registered (or default) root factory.
    ctx = getattr(req, 'context', None)
    if ctx is None:
        ctx = getattr(req, 'root', None)
    if ctx is None:
        factory = config.registry.queryUtility(
            IRootFactory, default=DefaultRootFactory)
        ctx = factory(req)
        # Store the newly created root on the request.
        req.root = ctx

    self.__parent__ = ctx

    userid = authService.get_userid()
    if userid is not None:
        # Already authenticated: a login redirect would not help, so the
        # response only carries the 403 status.
        self.request.response.status = HTTPForbidden.code
        return

    # Anonymous visitor: work out the login URL.
    login_url = PTAH_CONFIG.login
    if not login_url:
        login_url = req.application_url + '/login.html'
    elif not login_url.startswith(('http://', 'https://')):
        # A configured relative path is anchored at the application URL.
        login_url = req.application_url + login_url

    # NOTE(review): came_from carries the full request URL to the login
    # view.  The code that later redirects to came_from is not shown
    # here; it should accept only same-application targets so this
    # parameter cannot be used as an open redirect -- confirm.
    query = urllib.urlencode({'came_from': req.url})
    target = '%s?%s' % (login_url, query)
    if isinstance(target, unicode):
        # Header values are sent as byte strings.
        target = target.encode('utf-8')

    req.response.status = HTTPFound.code
    req.response.headers['location'] = target
    return
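def checkPermission(permission, context, request=None, throw=False):
    """ Check `permission` within `context`.

    :param permission: Permission
    :type permission: (Permission or string)
    :param context: Context object
    :param request: Accepted by the signature; not used in this function.
    :param throw: Throw HTTPForbidden exception.
    :returns: True when access is granted, False when it is denied and
        `throw` is false.
    :raises HTTPForbidden: when access is denied and `throw` is true.
    """
    global AUTHZ

    # An empty permission or NO_PERMISSION_REQUIRED means the resource
    # is unprotected.
    if not permission or permission == NO_PERMISSION_REQUIRED:
        return True

    # NOT_ALLOWED denies everybody; the check happens before the
    # superuser shortcut below, so it applies to the superuser too.
    if permission == NOT_ALLOWED:
        if throw:
            raise HTTPForbidden()
        return False

    userid = authService.get_userid()
    # The superuser id is granted every remaining permission without
    # consulting the authorization policy.
    if userid == SUPERUSER_URI:
        return True

    # Look the policy up once and cache it in the module global.  Only
    # the "not yet defined" case is caught, so unrelated errors are no
    # longer swallowed by a bare except.
    try:
        AUTHZ
    except NameError:
        AUTHZ = config.registry.getUtility(IAuthorizationPolicy)

    principals = [Everyone.id]

    if userid is not None:
        principals.extend((Authenticated.id, userid))

        roles = LocalRoles(userid, context=context)
        if roles:
            principals.extend(roles)

    res = AUTHZ.permits(context, principals, permission)

    # Fail closed: any falsy result is a denial.  ACLDenied is falsy, and
    # so are the plain Denied/False values a non-ACL policy may return;
    # checking only isinstance(res, ACLDenied) would have let those
    # through as "allowed".
    if not res:
        if throw:
            raise HTTPForbidden(res)
        return False

    return True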
def update(self):
    """Collect the values used by this view.

    Sets ``root`` (the request's root, or None), ``user`` (the current
    principal), ``isanon`` (True when there is no principal) and
    ``ptahmanager`` (the access manager's answer for the current userid).
    """
    self.root = getattr(self.request, 'root', None)

    principal = authService.get_current_principal()
    self.user = principal
    self.isanon = principal is None

    # NOTE(review): presumably this flags whether the user may see the
    # management UI.  Treat it as a display hint; the management views
    # should enforce access themselves -- confirm.
    access_check = get_access_manager()
    userid = authService.get_userid()
    self.ptahmanager = access_check(userid)