Le repo des sources pour le site web des JM2L
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

security.py 1.4 KiB

9 年前
9 年前
9 年前
12345678910111213141516171819202122232425262728293031323334353637383940414243
  1. # -*- coding: utf8 -*-
  2. from pyramid.security import Allow, Everyone, Authenticated
  3. from pyramid.httpexceptions import HTTPFound, HTTPNotFound, HTTPForbidden
  4. from pyramid.httpexceptions import HTTPBadRequest, HTTPUnauthorized
  5. USERS = { 1:'editor',
  6. 'editor':'editor',
  7. 'viewer':'viewer'}
  8. GROUPS = {'editor':['group:editors'], 1:['group:editors']}
  9. def check_logged(request):
  10. """ This function is intended to raise an exception if the user is not logged"""
  11. if request.user is None:
  12. # Don't answer to users that aren't logged
  13. raise HTTPForbidden(u'Vous devez vous identifier pour obtenir une réponse.')
  14. def check_staff(request):
  15. """ This function is intended to raise an exception if the user is not a Staff member"""
  16. check_logged(request)
  17. if not request.user.Staff:
  18. # Don't answer to users that aren't logged
  19. raise HTTPForbidden(u'Vous n\'avez pas l\'autorité suffisante pour effectuer cette action.')
  20. def groupfinder(userid, request):
  21. if userid in USERS:
  22. return GROUPS.get(userid, [])
  23. class EntryFactory(object):
  24. __acl__ = [(Allow, Everyone, 'view'),
  25. (Allow, Authenticated, 'create'),
  26. (Allow, Authenticated, 'edit'), ]
  27. def __init__(self, request):
  28. pass
  29. class RootFactory(object):
  30. __acl__ = [ (Allow, Everyone, 'view'),
  31. (Allow, 'group:editors', 'edit') ]
  32. def __init__(self, request):
  33. pass