diff options
| author | Chris McDonough <chrism@agendaless.com> | 2009-09-17 20:42:01 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2009-09-17 20:42:01 +0000 |
| commit | 7df825dcb19d03608ded3c5c84d1552d1232647c (patch) | |
| tree | 1313d3e4e6896b50e2bd36bf27b12041a64f265b /repoze/bfg/view.py | |
| parent | 750ce41f217cd7b638ad5b69fcb9df1b49841b58 (diff) | |
| download | pyramid-7df825dcb19d03608ded3c5c84d1552d1232647c.tar.gz pyramid-7df825dcb19d03608ded3c5c84d1552d1232647c.tar.bz2 pyramid-7df825dcb19d03608ded3c5c84d1552d1232647c.zip | |
Move view-related helper functions from zcml.py to view.py.
Diffstat (limited to 'repoze/bfg/view.py')
| -rw-r--r-- | repoze/bfg/view.py | 114 |
1 files changed, 112 insertions, 2 deletions
diff --git a/repoze/bfg/view.py b/repoze/bfg/view.py index e5a6e5398..12c8b6f46 100644 --- a/repoze/bfg/view.py +++ b/repoze/bfg/view.py @@ -25,6 +25,9 @@ from zope.interface import implements from zope.deprecation import deprecated +from repoze.bfg.interfaces import IAuthenticationPolicy +from repoze.bfg.interfaces import IAuthorizationPolicy +from repoze.bfg.interfaces import ILogger from repoze.bfg.interfaces import IResponseFactory from repoze.bfg.interfaces import IRendererFactory from repoze.bfg.interfaces import IView @@ -32,11 +35,20 @@ from repoze.bfg.interfaces import IMultiView from repoze.bfg.interfaces import ITemplateRenderer from repoze.bfg.path import caller_package - +from repoze.bfg.security import Unauthorized +from repoze.bfg.settings import get_settings from repoze.bfg.static import PackageURLParser - from repoze.bfg.renderers import renderer_from_name +try: + all = all +except NameError: # pragma: no cover + def all(iterable): + for element in iterable: + if not element: + return False + return True + deprecated('view_execution_permitted', "('from repoze.bfg.view import view_execution_permitted' was " "deprecated as of repoze.bfg 1.0; instead use 'from " @@ -608,3 +620,101 @@ def decorate_view(wrapped_view, original_view): pass return True return False + +def derive_view(original_view, permission=None, predicates=(), attr=None, + renderer=None, wrapper_viewname=None, viewname=None): + mapped_view = map_view(original_view, attr, renderer) + owrapped_view = owrap_view(mapped_view, viewname, wrapper_viewname) + secured_view = secure_view(owrapped_view, permission) + debug_view = authdebug_view(secured_view, permission) + derived_view = predicate_wrap(debug_view, predicates) + return derived_view + +def owrap_view(view, viewname, wrapper_viewname): + if not wrapper_viewname: + return view + def _owrapped_view(context, request): + response = view(context, request) + request.wrapped_response = response + request.wrapped_body = response.body + request.wrapped_view = view + wrapped_response = render_view_to_response(context, request, + wrapper_viewname) + if wrapped_response is None: + raise ValueError( + 'No wrapper view named %r found when executing view named %r' % + (wrapper_viewname, viewname)) + return wrapped_response + decorate_view(_owrapped_view, view) + return _owrapped_view + +def predicate_wrap(view, predicates): + if not predicates: + return view + def _wrapped(context, request): + if all((predicate(context, request) for predicate in predicates)): + return view(context, request) + raise NotFound('predicate mismatch for view %s' % view) + def checker(context, request): + return all((predicate(context, request) for predicate in predicates)) + _wrapped.__predicated__ = checker + decorate_view(_wrapped, view) + return _wrapped + +def secure_view(view, permission): + wrapped_view = view + authn_policy = queryUtility(IAuthenticationPolicy) + authz_policy = queryUtility(IAuthorizationPolicy) + if authn_policy and authz_policy and (permission is not None): + def _secured_view(context, request): + principals = authn_policy.effective_principals(request) + if authz_policy.permits(context, principals, permission): + return view(context, request) + msg = getattr(request, 'authdebug_message', + 'Unauthorized: %s failed permission check' % view) + raise Unauthorized(msg) + _secured_view.__call_permissive__ = view + def _permitted(context, request): + principals = authn_policy.effective_principals(request) + return authz_policy.permits(context, principals, permission) + _secured_view.__permitted__ = _permitted + wrapped_view = _secured_view + decorate_view(wrapped_view, view) + + return wrapped_view + +def authdebug_view(view, permission): + wrapped_view = view + authn_policy = queryUtility(IAuthenticationPolicy) + authz_policy = queryUtility(IAuthorizationPolicy) + settings = get_settings() + debug_authorization = getattr(settings, 'debug_authorization', False) + if debug_authorization: + def _authdebug_view(context, request): + view_name = getattr(request, 'view_name', None) + + if authn_policy and authz_policy: + if permission is None: + msg = 'Allowed (no permission registered)' + else: + principals = authn_policy.effective_principals(request) + msg = str(authz_policy.permits(context, principals, + permission)) + else: + msg = 'Allowed (no authorization policy in use)' + + view_name = getattr(request, 'view_name', None) + url = getattr(request, 'url', None) + msg = ('debug_authorization of url %s (view name %r against ' + 'context %r): %s' % (url, view_name, context, msg)) + logger = queryUtility(ILogger, 'repoze.bfg.debug') + logger and logger.debug(msg) + if request is not None: + request.authdebug_message = msg + return view(context, request) + + wrapped_view = _authdebug_view + decorate_view(wrapped_view, view) + + return wrapped_view + |