1 import web
2 from decorators import i18n
3 from model import User, Action
4 import types
5
7 '''
8 Checks whether the current user (which may well be the anonymous user) has been granted
9 permission to execute a task related to a given list of actions. The argument can be either
10 a string with a single action name or a list of strings of action identifiers.
11
12 To check these permissions, we retrieve all the roles to which the current user belongs,
13 and then check if the roles grant the user permissions for the given actions.
14
15 Note that if any of the given action names is not defined in the database, an exception will
16 be raised, because it's a bug that the develop should fix: actions are managed by the plugin
17 developer and the usage of this decorator.
18 '''
19 if actions == None:
20 actions = []
21 elif type(actions) is types.StringType:
22 actions = [actions]
23 elif type(actions) is not types.ListType:
24 raise TypeError(_("actions argument must be a string or a list of strings"))
25
26 def decorator(actions, f):
27 def df(*args, **kwargs):
28 roles = set(User.current().roles)
29 has_perms = True
30 for action_name in actions:
31 action_obj = web.ctx.orm.query(Action).filter_by(name = action_name).first()
32 action_roles = set(action_obj.roles)
33 if not action_roles.intersection(roles):
34 has_perms = False
35 break
36 if has_perms:
37 return f(*args, **kwargs)
38 else:
39 raise web.seeother('/user/login')
40 return df
41 return lambda f: decorator(actions, f)
42
43
45 '''
46 If the user is authenticated it allows access to the resource, else ir redirect to login page
47 '''
48 def decorated(*args, **kwargs):
49 if web.ctx.session.has_key('loggedin'):
50 return function(*args, **kwargs)
51 else:
52 raise web.seeother('/user/login?next=%s' % web.ctx.path)
53 return decorated
54