from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from .models.ziggurat import (
User,
UserGroup,
)
def group_finder(login, request):
    """Resolve the group principals for the user id stored in the auth ticket.

    Registered as the ``callback`` of the authentication policy, so it runs
    for requests that carry a ticket.

    Args:
        login: User id taken from the ticket; matched against ``User.id``.
        request: Current request; must expose ``dbsession``.

    Returns:
        ``None`` when no such user exists or the user's ``status`` is falsy,
        which makes the policy treat the request as unauthenticated (a
        deactivated account therefore loses access even with a still-valid
        ticket). Otherwise a list of ``'group:<group_id>'`` strings, one per
        ``UserGroup`` row of that user (possibly empty).
    """
    user = request.dbsession.query(User).filter_by(id=login).first()
    if not (user and user.status):
        # None (not an empty list) is what signals "log this user out".
        return None
    memberships = request.dbsession.query(UserGroup).filter_by(
        user_id=user.id)
    # These strings are the principals that ACL entries are matched against.
    return [f'group:{membership.group_id}' for membership in memberships]
def get_user(request):
    """Return the ``User`` row for the authenticated request, if any.

    Installed as the reified ``request.user`` attribute by ``includeme``.

    Args:
        request: Current request; must expose ``authenticated_userid`` and
            ``dbsession``.

    Returns:
        The first ``User`` whose ``id`` equals the authenticated user id, or
        ``None`` when the request is unauthenticated or no row matches.
    """
    userid = request.authenticated_userid
    if not userid:
        # Unauthenticated request: skip the database round trip.
        return None
    return request.dbsession.query(User).filter_by(id=userid).first()
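def includeme(config):
    """Wire authentication, authorization and ``request.user`` into *config*.

    The auth-ticket signing secret is read from the ``auth.secret``
    deployment setting. Anyone who knows this secret can mint a valid ticket
    for any user id, so it must be long, random, unique per deployment and
    kept out of version control.

    Args:
        config: The Pyramid ``Configurator`` being set up.
    """
    import warnings

    settings = config.get_settings() or {}
    secret = settings.get('auth.secret')
    if not secret:
        # Backward-compatible fallback to the value that used to be
        # hard-coded here. It is public (it lives in the source tree), so
        # tickets signed with it can be forged; warn loudly until the
        # deployment configures its own secret.
        warnings.warn(
            "'auth.secret' is not configured; falling back to the built-in "
            "default signing secret, which is publicly known. Set "
            "'auth.secret' to a long random value.",
            RuntimeWarning,
        )
        secret = 'sosecret'

    # NOTE(review): the ticket cookie is issued with the policy's default
    # flags; consider passing secure=True and httponly=True once the
    # deployment is served over HTTPS only.
    authn_policy = AuthTktAuthenticationPolicy(
        secret, callback=group_finder, hashalg='sha512')
    config.set_authentication_policy(authn_policy)
    authz_policy = ACLAuthorizationPolicy()
    config.set_authorization_policy(authz_policy)
    # reify=True caches the looked-up user for the lifetime of the request.
    config.add_request_method(get_user, 'user', reify=True)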