def _secure_tile(tile, permission, authn_policy, authz_policy, strict): """wraps tile and does security checks. """ wrapped_tile = tile if not authn_policy and not authz_policy: return tile def _secured_tile(context, request): principals = authn_policy.effective_principals(request) if authz_policy.permits(context, principals, permission): return tile(context, request) msg = getattr(request, 'authdebug_message', 'Unauthorized: tile %s failed permission check' % tile) if strict: raise Forbidden(msg) settings = request.registry.settings if settings.get('debug_authorization', False): logger = request.registry.getUtility(IDebugLogger) logger.debug(msg) return u'' _secured_tile.__call_permissive__ = tile def _permitted(context, request): principals = authn_policy.effective_principals(request) return authz_policy.permits(context, principals, permission) _secured_tile.__permitted__ = _permitted wrapped_tile = _secured_tile preserve_view_attrs(tile, wrapped_tile) return wrapped_tile
msg = getattr(request, 'authdebug_message', 'Unauthorized: tile %s failed permission check' % tile) if strict: raise Forbidden(msg) settings = get_settings() if settings.get('debug_authorization', False): logger = IDebugLogger() logger.debug(msg) return u'' _secured_tile.__call_permissive__ = tile def _permitted(context, request): principals = authn_policy.effective_principals(request) return authz_policy.permits(context, principals, permission) _secured_tile.__permitted__ = _permitted wrapped_tile = _secured_tile preserve_view_attrs(tile, wrapped_tile) return wrapped_tile # Registration def registerTile(name, path=None, attribute='render', interface=Interface, class_=Tile, permission='view', strict=True, _level=2): """registers a tile. ``name`` identifier of the tile (for later lookup). ``path`` either relative path to the template or absolute path or path prefixed by the absolute package name delimeted by ':'. If ``path`` is used ``attribute`` is ignored.