add simple authorization auth

tracim · Apr 6, 2018 · c55bf2d · c55bf2d
1 parent 1965b24
commit c55bf2d
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 14 deletions.
diff --git a/tracim/lib/utils/auth.py b/tracim/lib/utils/auth.py
@@ -1,22 +1,37 @@
+import typing
 from pyramid.security import ALL_PERMISSIONS
 from pyramid.security import Allow
 from pyramid.security import Authenticated
+from tracim.lib.core.user import UserApi
+from tracim.models.auth import Group
+from tracim.lib.core.workspace import WorkspaceApi
 
+# INFO - G.M - 06-04-2018 - Auth for pyramid
+# based on this tutorial : https://docs.pylonsproject.org/projects/pyramid-cookbook/en/latest/auth/basic.html  # nopep8
 
-def check_credentials(username, password, request):
-    if username == 'admin' and password == 'admin':
-        # an empty list is enough to indicate logged-in... watch how this
-        # affects the principals returned in the home view if you want to
-        # expand ACLs later
-        return ['g:admin']
-    if username == 'user' and password == 'user':
-        return []
+
+def check_credentials(username, password, request) -> typing.Optional[dict]:
+    permissions = None
+    app_config = request.registry.settings['CFG']
+    uapi = UserApi(None, session=request.dbsession, config=app_config)
+    try:
+        user = uapi.get_one_by_email(username)
+        if user.validate_password(password):
+            permissions = []
+            for group in user.groups:
+                permissions.append(group.group_name)
+            # TODO - G.M - 06-04-2018 - Add workspace specific permission ?
+    # TODO - G.M - 06-04-2018 - Better catch for exception of bad password, bad
+    # user
+    except:
+        pass
+    return permissions
 
 
 class Root:
-    # dead simple, give everyone who is logged in any permission
-    # (see the home_view for an example permission)
+    # root
     __acl__ = (
-        (Allow, 'g:admin', ALL_PERMISSIONS),
-        (Allow, Authenticated, 'user'),
-    )
+        (Allow, Group.TIM_ADMIN_GROUPNAME, ALL_PERMISSIONS),
+        (Allow, Group.TIM_MANAGER_GROUPNAME, 'manager'),
+        (Allow, Group.TIM_USER_GROUPNAME, 'user'),
+    )
diff --git a/tracim/views/default/default_controller.py b/tracim/views/default/default_controller.py
@@ -44,6 +44,15 @@ def test_admin_page(cls, request):
             return Response(e, content_type='text/plain', status=500)
         return {'project': project}
 
+    @classmethod
+    def test_manager_page(cls, request):
+        try:
+            app_config = request.registry.settings['CFG']
+            project = 'manager'
+        except Exception as e:
+            return Response(e, content_type='text/plain', status=500)
+        return {'project': project}
+
     @classmethod
     def test_user_page(cls, request):
         try:
@@ -76,7 +85,13 @@ def bind(self, configurator: Configurator):
             renderer='tracim:templates/mytemplate.jinja2',
             permission='admin',
         )
-
+        configurator.add_route('test_manager', '/test_manager')
+        configurator.add_view(
+            self.test_user_page,
+            route_name='test_manager',
+            renderer='tracim:templates/mytemplate.jinja2',
+            permission='manager',
+        )
         configurator.add_route('test_user', '/test_user')
         configurator.add_view(
             self.test_user_page,