Showing
2 changed files
with
44 additions
and
14 deletions.
@@ -1,22 +1,37 @@ | ||
import typing | ||
from pyramid.security import ALL_PERMISSIONS | ||
from pyramid.security import Allow | ||
from pyramid.security import Authenticated | ||
from tracim.lib.core.user import UserApi | ||
from tracim.models.auth import Group | ||
from tracim.lib.core.workspace import WorkspaceApi | ||
|
||
# INFO - G.M - 06-04-2018 - Auth for pyramid | ||
# based on this tutorial : https://docs.pylonsproject.org/projects/pyramid-cookbook/en/latest/auth/basic.html # nopep8 | ||
|
||
def check_credentials(username, password, request): | ||
if username == 'admin' and password == 'admin': | ||
# an empty list is enough to indicate logged-in... watch how this | ||
# affects the principals returned in the home view if you want to | ||
# expand ACLs later | ||
return ['g:admin'] | ||
if username == 'user' and password == 'user': | ||
return [] | ||
|
||
def check_credentials(username, password, request) -> typing.Optional[dict]: | ||
permissions = None | ||
app_config = request.registry.settings['CFG'] | ||
uapi = UserApi(None, session=request.dbsession, config=app_config) | ||
try: | ||
user = uapi.get_one_by_email(username) | ||
if user.validate_password(password): | ||
permissions = [] | ||
for group in user.groups: | ||
permissions.append(group.group_name) | ||
# TODO - G.M - 06-04-2018 - Add workspace specific permission ? | ||
# TODO - G.M - 06-04-2018 - Better catch for exception of bad password, bad | ||
# user | ||
except: | ||
pass | ||
return permissions | ||
|
||
|
||
class Root: | ||
# dead simple, give everyone who is logged in any permission | ||
# (see the home_view for an example permission) | ||
# root | ||
__acl__ = ( | ||
(Allow, 'g:admin', ALL_PERMISSIONS), | ||
(Allow, Authenticated, 'user'), | ||
) | ||
(Allow, Group.TIM_ADMIN_GROUPNAME, ALL_PERMISSIONS), | ||
(Allow, Group.TIM_MANAGER_GROUPNAME, 'manager'), | ||
(Allow, Group.TIM_USER_GROUPNAME, 'user'), | ||
) |
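Review bot: The bare `except: pass` in the new check_credentials swallows every failure, so a database or configuration error looks to the caller exactly like a wrong password and leaves no trace for anyone investigating failed logins. Returning None on error is the right fail-closed behaviour for an auth callback, but the handler should be narrowed to whatever get_one_by_email raises for an unknown address (not visible on this page), with everything else logged before returning None, for example `except Exception:` followed by `logging.getLogger(__name__).exception('credential check failed')`, which also needs `import logging`. The bare form additionally catches KeyboardInterrupt and SystemExit, which an auth check should not absorb. Separately, the annotation `typing.Optional[dict]` does not match the code, which returns a list of group names or None; `typing.Optional[typing.List[str]]` would be accurate.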