authorChris McDonough <chrism@agendaless.com>2008-07-16 10:32:08 +0000
committerChris McDonough <chrism@agendaless.com>2008-07-16 10:32:08 +0000
commit2466f6eaa2246598dc6cb3c962364773eb4cc64a (patch)
tree80954892ad8e12cffb534f3ae92cd321d4d870f5 /repoze/bfg/router.py
parent23aa82c4963dc75737d7dc8a84d7639775c3b282 (diff)
Add security.
Diffstat (limited to 'repoze/bfg/router.py')
-rw-r--r--repoze/bfg/router.py25
1 files changed, 18 insertions, 7 deletions
diff --git a/repoze/bfg/router.py b/repoze/bfg/router.py
index 00966dfd1..becf3e3e4 100644
--- a/repoze/bfg/router.py
+++ b/repoze/bfg/router.py
@@ -1,19 +1,21 @@
from zope.component import getMultiAdapter
from zope.component import queryMultiAdapter
+from zope.component import queryUtility
from zope.interface import directlyProvides
from webob import Request
from webob.exc import HTTPNotFound
+from webob.exc import HTTPUnauthorized
from repoze.bfg.interfaces import IPublishTraverserFactory
from repoze.bfg.interfaces import IViewFactory
+from repoze.bfg.interfaces import IViewPermission
+from repoze.bfg.interfaces import ISecurityPolicy
from repoze.bfg.interfaces import IWSGIApplicationFactory
from repoze.bfg.interfaces import IRequest
from repoze.bfg.registry import registry_manager
-_marker = ()
-
class Router:
def __init__(self, root_policy, registry):
self.root_policy = root_policy
@@ -25,14 +27,23 @@ class Router:
directlyProvides(request, IRequest)
root = self.root_policy(environ)
path = environ.get('PATH_INFO', '/')
- traverser = getMultiAdapter((root, request),
- IPublishTraverserFactory)
+ traverser = getMultiAdapter((root, request), IPublishTraverserFactory)
context, name, subpath = traverser(path)
request.subpath = subpath
request.view_name = name
- app = queryMultiAdapter((context, request), IViewFactory, name=name,
- default=_marker)
- if app is _marker:
+
+ security_policy = queryUtility(ISecurityPolicy)
+ if security_policy:
+ permission = queryMultiAdapter((context, request), IViewPermission,
+ name=name)
+ if permission is not None:
+ if not permission(security_policy):
+ app = HTTPUnauthorized()
+ app.explanation = repr(permission)
+ return app(environ, start_response)
+
+ app = queryMultiAdapter((context, request), IViewFactory, name=name)
+ if app is None:
app = HTTPNotFound(request.url)
else:
app = getMultiAdapter((context, request, app),
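Review bot: The `if security_policy:` guard tests truthiness rather than presence, so a registered policy object that evaluates false (for example one defining `__len__`) would skip every permission check and fall through to the view; `if security_policy is not None:` makes the check depend only on whether a policy is registered. On the denial path, `app.explanation = repr(permission)` puts the permission object's repr into the 401 body, which may expose internal class names or context details to an unauthenticated client depending on how that repr is defined; a fixed message in the response, with the repr written to a server-side log, would avoid that. A view with no `IViewPermission` adapter registered is served without any check even when a policy is present, so a comment above the `permission is not None` test should state that this default-allow is intended. The enclosing method starts and ends outside the hunk.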