Merge remote-tracking branch 'refs/remotes/Pylons/master'

8 files changed, 177 insertions, 0 deletions

diff --git a/docs/quick_tutorial/authorization/development.ini b/docs/quick_tutorial/authorization/development.ini
new file mode 100644
index 000000000..8a39b2fe7
--- /dev/null
+++ b/docs/quick_tutorial/authorization/development.ini
@@ -0,0 +1,11 @@
+[app:main]
+use = egg:tutorial
+pyramid.reload_templates = true
+pyramid.includes =
+    pyramid_debugtoolbar
+tutorial.secret = 98zd
+
+[server:main]
+use = egg:pyramid#wsgiref
+host = 0.0.0.0
+port = 6543
diff --git a/docs/quick_tutorial/authorization/setup.py b/docs/quick_tutorial/authorization/setup.py
new file mode 100644
index 000000000..2221b72e9
--- /dev/null
+++ b/docs/quick_tutorial/authorization/setup.py
@@ -0,0 +1,14 @@
+from setuptools import setup
+
+requires = [
+    'pyramid',
+    'pyramid_chameleon'
+]
+
+setup(name='tutorial',
+      install_requires=requires,
+      entry_points="""\
+      [paste.app_factory]
+      main = tutorial:main
+      """,
+)
\ No newline at end of file
diff --git a/docs/quick_tutorial/authorization/tutorial/__init__.py b/docs/quick_tutorial/authorization/tutorial/__init__.py
new file mode 100644
index 000000000..8f7ab8277
--- /dev/null
+++ b/docs/quick_tutorial/authorization/tutorial/__init__.py
@@ -0,0 +1,26 @@
+from pyramid.authentication import AuthTktAuthenticationPolicy
+from pyramid.authorization import ACLAuthorizationPolicy
+from pyramid.config import Configurator
+
+from .security import groupfinder
+
+
+def main(global_config, **settings):
+    config = Configurator(settings=settings,
+                          root_factory='.resources.Root')
+    config.include('pyramid_chameleon')
+
+    # Security policies
+    authn_policy = AuthTktAuthenticationPolicy(
+        settings['tutorial.secret'], callback=groupfinder,
+        hashalg='sha512')
+    authz_policy = ACLAuthorizationPolicy()
+    config.set_authentication_policy(authn_policy)
+    config.set_authorization_policy(authz_policy)
+
+    config.add_route('home', '/')
+    config.add_route('hello', '/howdy')
+    config.add_route('login', '/login')
+    config.add_route('logout', '/logout')
+    config.scan('.views')
+    return config.make_wsgi_app()
\ No newline at end of file
diff --git a/docs/quick_tutorial/authorization/tutorial/home.pt b/docs/quick_tutorial/authorization/tutorial/home.pt
new file mode 100644
index 000000000..ed911b673
--- /dev/null
+++ b/docs/quick_tutorial/authorization/tutorial/home.pt
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <title>Quick Tutorial: ${name}</title>
+</head>
+<body>
+
+<div>
+    <a tal:condition="view.logged_in is None"
+            href="${request.application_url}/login">Log In</a>
+    <a tal:condition="view.logged_in is not None"
+            href="${request.application_url}/logout">Logout</a>
+</div>
+
+<h1>Hi ${name}</h1>
+<p>Visit <a href="${request.route_url('hello')}">hello</a></p>
+</body>
+</html>
diff --git a/docs/quick_tutorial/authorization/tutorial/login.pt b/docs/quick_tutorial/authorization/tutorial/login.pt
new file mode 100644
index 000000000..9e5bfe2ad
--- /dev/null
+++ b/docs/quick_tutorial/authorization/tutorial/login.pt
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <title>Quick Tutorial: ${name}</title>
+</head>
+<body>
+<h1>Login</h1>
+<span tal:replace="message"/>
+
+<form action="${url}" method="post">
+    <input type="hidden" name="came_from"
+           value="${came_from}"/>
+    <label for="login">Username</label>
+    <input type="text" id="login"
+           name="login"
+           value="${login}"/><br/>
+    <label for="password">Password</label>
+    <input type="password" id="password"
+           name="password"
+           value="${password}"/><br/>
+    <input type="submit" name="form.submitted"
+           value="Log In"/>
+</form>
+</body>
+</html>
diff --git a/docs/quick_tutorial/authorization/tutorial/resources.py b/docs/quick_tutorial/authorization/tutorial/resources.py
new file mode 100644
index 000000000..0cb656f12
--- /dev/null
+++ b/docs/quick_tutorial/authorization/tutorial/resources.py
@@ -0,0 +1,9 @@
+from pyramid.security import Allow, Everyone
+
+
+class Root(object):
+    __acl__ = [(Allow, Everyone, 'view'),
+               (Allow, 'group:editors', 'edit')]
+
+    def __init__(self, request):
+        pass
\ No newline at end of file
diff --git a/docs/quick_tutorial/authorization/tutorial/security.py b/docs/quick_tutorial/authorization/tutorial/security.py
new file mode 100644
index 000000000..ab90bab2c
--- /dev/null
+++ b/docs/quick_tutorial/authorization/tutorial/security.py
@@ -0,0 +1,8 @@
+USERS = {'editor': 'editor',
+         'viewer': 'viewer'}
+GROUPS = {'editor': ['group:editors']}
+
+
+def groupfinder(userid, request):
+    if userid in USERS:
+        return GROUPS.get(userid, [])
\ No newline at end of file
diff --git a/docs/quick_tutorial/authorization/tutorial/views.py b/docs/quick_tutorial/authorization/tutorial/views.py
new file mode 100644
index 000000000..43d14455a
--- /dev/null
+++ b/docs/quick_tutorial/authorization/tutorial/views.py
@@ -0,0 +1,66 @@
+from pyramid.httpexceptions import HTTPFound
+from pyramid.security import (
+    remember,
+    forget,
+    )
+
+from pyramid.view import (
+    view_config,
+    view_defaults,
+    forbidden_view_config
+    )
+
+from .security import USERS
+
+
+@view_defaults(renderer='home.pt')
+class TutorialViews:
+    def __init__(self, request):
+        self.request = request
+        self.logged_in = request.authenticated_userid
+
+    @view_config(route_name='home')
+    def home(self):
+        return {'name': 'Home View'}
+
+    @view_config(route_name='hello', permission='edit')
+    def hello(self):
+        return {'name': 'Hello View'}
+
+    @view_config(route_name='login', renderer='login.pt')
+    @forbidden_view_config(renderer='login.pt')
+    def login(self):
+        request = self.request
+        login_url = request.route_url('login')
+        referrer = request.url
+        if referrer == login_url:
+            referrer = '/'  # never use login form itself as came_from
+        came_from = request.params.get('came_from', referrer)
+        message = ''
+        login = ''
+        password = ''
+        if 'form.submitted' in request.params:
+            login = request.params['login']
+            password = request.params['password']
+            if USERS.get(login) == password:
+                headers = remember(request, login)
+                return HTTPFound(location=came_from,
+                                 headers=headers)
+            message = 'Failed login'
+
+        return dict(
+            name='Login',
+            message=message,
+            url=request.application_url + '/login',
+            came_from=came_from,
+            login=login,
+            password=password,
+        )
+
+    @view_config(route_name='logout')
+    def logout(self):
+        request = self.request
+        headers = forget(request)
+        url = request.route_url('home')
+        return HTTPFound(location=url,
+                         headers=headers)