1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
from zope.component import queryMultiAdapter
from zope.interface import classProvides
from zope.interface import implements
from zope.interface import Interface
from repoze.bfg.interfaces import IWSGIApplicationFactory
from repoze.bfg.interfaces import IWSGIApplication
from repoze.bfg.mapply import mapply
class IViewSecurityPolicy(Interface):
""" Marker interface for a view security policy; a view security
policy. """
def __call__():
""" Return None if the security check succeeded,
otherwise it should return a WSGI application representing an
unauthorized view"""
def isResponse(ob):
if ( hasattr(ob, 'app_iter') and hasattr(ob, 'headerlist') and
hasattr(ob, 'status') ):
if ( hasattr(ob.app_iter, '__iter__') and
hasattr(ob.headerlist, '__iter__') ):
return True
class NaiveWSGIViewAdapter:
classProvides(IWSGIApplicationFactory)
implements(IWSGIApplication)
def __init__(self, context, request, view):
self.context = context
self.request = request
self.view = view
def __call__(self, environ, start_response):
context = self.context
request = self.request
view = self.view
security_policy = queryMultiAdapter((context, request),
IViewSecurityPolicy)
if security_policy:
failed_view = security_policy()
if failed_view:
view = failed_view
catch_response = []
def replace_start_response(status, headers):
catch_response[:] = (status, headers)
kwdict = {
'request':self.request,
'environ':environ,
'start_response':start_response,
}
if isResponse(view):
response = view
else:
response = mapply(view, positional = (), keyword = kwdict)
if not catch_response:
catch_response = (response.status, response.headerlist)
start_response(*catch_response)
return response.app_iter
|
