| author | Chris McDonough <chrism@agendaless.com> | 2008-07-11 23:30:35 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2008-07-11 23:30:35 +0000 |
| commit | 2d74688f6564c325077044c4b870c6f966baad91 (patch) | |
| tree | a536611d8ad9a816afd139b1f140bde34e61647a /repoze/bfg/wsgiadapter.py | |
| parent | 3011338a75fe905a150ab93c97830b39c55b4ca1 (diff) | |
| download | pyramid-2d74688f6564c325077044c4b870c6f966baad91.tar.gz pyramid-2d74688f6564c325077044c4b870c6f966baad91.tar.bz2 pyramid-2d74688f6564c325077044c4b870c6f966baad91.zip | |
Add security policy checks.
Diffstat (limited to 'repoze/bfg/wsgiadapter.py')
| -rw-r--r-- | repoze/bfg/wsgiadapter.py | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/repoze/bfg/wsgiadapter.py b/repoze/bfg/wsgiadapter.py
index f76360c27..16effe1a5 100644
--- a/repoze/bfg/wsgiadapter.py
+++ b/repoze/bfg/wsgiadapter.py
@@ -1,19 +1,40 @@
-from zope.interface import implements
+from zope.component import queryMultiAdapter
 from zope.interface import classProvides
+from zope.interface import implements
+from zope.interface import Interface
 from repoze.bfg.interfaces import IWSGIApplicationFactory
 from repoze.bfg.interfaces import IWSGIApplication
 from repoze.bfg.mapply import mapply
+class IViewSecurityPolicy(Interface):
+ """ Marker interface for a view security policy; a view security
+ policy. """
+ def __call__():
+ """ Return None if the security check succeeded,
+ otherwise it should return a WSGI application representing an
+ unauthorized view"""
+
 class NaiveWSGIViewAdapter:
 classProvides(IWSGIApplicationFactory)
 implements(IWSGIApplication)
- def __init__(self, view, request):
- self.view = view
+ def __init__(self, context, request, view):
+ self.context = context
 self.request = request
+ self.view = view
 def __call__(self, environ, start_response):
+ context = self.context
+ request = self.request
+ view = self.view
+ security_policy = queryMultiAdapter((context, request),
+ IViewSecurityPolicy)
+ if security_policy:
+ failed_view = security_policy()
+ if failed_view:
+ view = failed_view
+
 catch_response = []
 def replace_start_response(status, headers):
 catch_response[:] = (status, headers)
@@ -22,7 +43,8 @@ class NaiveWSGIViewAdapter:
 'environ':environ,
 'start_response':start_response,
 }
- response = mapply(self.view, positional = (), keyword = kwdict)
+
+ response = mapply(view, positional = (), keyword = kwdict)
 if not catch_response:
 catch_response = (response.status, response.headerlist)
 start_response(*catch_response) |
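Review bot: In `__call__`, `if security_policy:` and `if failed_view:` test truthiness, while the IViewSecurityPolicy docstring defines `None` as the only "check succeeded" value, so a policy adapter or unauthorized-view object that happens to evaluate false (for example one defining `__len__` or `__nonzero__`) would be skipped and the protected view served. Compare against `None` explicitly: `if security_policy is not None:` and `if failed_view is not None:`. When no IViewSecurityPolicy adapter is registered for `(context, request)`, `queryMultiAdapter` returns `None` and the view runs with no check at all; if that default is intended, it deserves a comment such as `# no policy registered: view is served unchecked`. The `__init__` argument order also changes from `(view, request)` to `(context, request, view)`, and the callers are outside this diff, so any positional caller needs checking. `__call__` continues into the next hunk.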
