miohtama/gist:3951630

## gistfile1.py

class SmartcardHelper(BrowserView):
    """
    Helper view for dealing with smartcard loggeable users.

    - Define helper links and conditions to be used in portal_actions via actions.xml

    - Define methods for setting priviledged user cookie after smartcard login

    - Extract smartcard info from Apache enabled client side SSL headers

    - Define various conditions to check whether the user can use smartcard or not
    """

    PRIVILEDGED_COOKIE_NAME = "x"

    PRIVILEDGED_COOKIE_SALT = "y"

    def calculatePriviledgedCookieValue(self):
        """
        """
        m = hashlib.sha1()
        m.update(self.getUser().absolute_url_path())
        m.update(self.PRIVILEDGED_COOKIE_SALT)
        return m.hexdigest()

    def enablePriviledgedCookie(self):
        """
        Set the user cookie which is used in private data checks.
        """
        value = self.calculatePriviledgedCookieValue()
        self.request.response.setCookie(self.PRIVILEDGED_COOKIE_NAME, value)

    def clearPriviledgedCookie(self):
        """
        Clear priviledged login status.
        """
        self.request.response.expireCookie(self.PRIVILEDGED_COOKIE_NAME)

    def hasPriviledge(self):
        """
        Check if the user has priviledged login status.

        1. Hospital has smartcard enabled

        2. User has smartcard enabled

        3. Cookie is set and correct
        """

        # Not yet activated?
        user = self.getUser()

        hospital = self.getHomeHospital()

        if not hospital:
            return False

        if not hospital.getSmartcardEnabled():
            # Hospital does not support
            return False

        if not user.hasSmartcardEnabled():
            return False

        cookie = self.request.cookies.get(self.PRIVILEDGED_COOKIE_NAME, None)
        if not cookie:
            return False

        return cookie == self.calculatePriviledgedCookieValue()

	class SmartcardHelper(BrowserView):
	"""
	Helper view for dealing with smartcard loggeable users.

	- Define helper links and conditions to be used in portal_actions via actions.xml

	- Define methods for setting priviledged user cookie after smartcard login

	- Extract smartcard info from Apache enabled client side SSL headers

	- Define various conditions to check whether the user can use smartcard or not
	"""

	PRIVILEDGED_COOKIE_NAME = "x"

	PRIVILEDGED_COOKIE_SALT = "y"

	def calculatePriviledgedCookieValue(self):
	"""
	"""
	m = hashlib.sha1()
	m.update(self.getUser().absolute_url_path())
	m.update(self.PRIVILEDGED_COOKIE_SALT)
	return m.hexdigest()

	def enablePriviledgedCookie(self):
	"""
	Set the user cookie which is used in private data checks.
	"""
	value = self.calculatePriviledgedCookieValue()
	self.request.response.setCookie(self.PRIVILEDGED_COOKIE_NAME, value)

	def clearPriviledgedCookie(self):
	"""
	Clear priviledged login status.
	"""
	self.request.response.expireCookie(self.PRIVILEDGED_COOKIE_NAME)

	def hasPriviledge(self):
	"""
	Check if the user has priviledged login status.

	1. Hospital has smartcard enabled

	2. User has smartcard enabled

	3. Cookie is set and correct
	"""

	# Not yet activated?
	user = self.getUser()

	hospital = self.getHomeHospital()

	if not hospital:
	return False

	if not hospital.getSmartcardEnabled():
	# Hospital does not support
	return False

	if not user.hasSmartcardEnabled():
	return False

	cookie = self.request.cookies.get(self.PRIVILEDGED_COOKIE_NAME, None)
	if not cookie:
	return False

	return cookie == self.calculatePriviledgedCookieValue()