|
- # -*- coding: utf8 -*-
- from pyramid.security import Allow, Everyone, Authenticated
- from pyramid.httpexceptions import HTTPFound, HTTPNotFound, HTTPForbidden
- from pyramid.httpexceptions import HTTPBadRequest, HTTPUnauthorized
-
- USERS = { 1:'editor',
- 'editor':'editor',
- 'viewer':'viewer'}
- GROUPS = {'editor':['group:editors'], 1:['group:editors']}
-
-
- def check_logged(request):
- """ This function is intended to raise an exception if the user is not logged"""
- if request.user is None:
- # Don't answer to users that aren't logged
- raise HTTPForbidden(u'Vous devez vous identifier pour obtenir une réponse.')
-
-
- def check_staff(request):
- """ This function is intended to raise an exception if the user is not a Staff member"""
- check_logged(request)
- if not request.user.Staff:
- # Don't answer to users that aren't logged
- raise HTTPForbidden(u'Vous n\'avez pas l\'autorité suffisante pour effectuer cette action.')
-
-
- def groupfinder(userid, request):
- if userid in USERS:
- return GROUPS.get(userid, [])
-
- class EntryFactory(object):
- __acl__ = [(Allow, Everyone, 'view'),
- (Allow, Authenticated, 'create'),
- (Allow, Authenticated, 'edit'), ]
-
- def __init__(self, request):
- pass
-
- class RootFactory(object):
- __acl__ = [ (Allow, Everyone, 'view'),
- (Allow, 'group:editors', 'edit') ]
- def __init__(self, request):
- pass
|