Created
October 8, 2016 07:55
-
-
Save inklesspen/f4739e1ccb6313fb3cc0d56600051e49 to your computer and use it in GitHub Desktop.
ACL Example with Pyramid non-traversal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pyramid.config import Configurator | |
| from pyramid.session import SignedCookieSessionFactory | |
| from pyramid.authentication import SessionAuthenticationPolicy | |
| from pyramid.authorization import ACLAuthorizationPolicy | |
| from pyramid.security import Allow, Authenticated, Everyone | |
| class Public(object): | |
| __acl__ = [(Allow, Everyone, 'view')] | |
| def __init__(self, request): | |
| pass | |
| class AuthenticationRequired(object): | |
| __acl__ = [(Allow, Authenticated, 'view')] | |
| def __init__(self, request): | |
| pass | |
| def main(global_config, **settings): | |
| """ This function returns a Pyramid WSGI application. | |
| """ | |
| config = Configurator(settings=settings) | |
| config.include('pyramid_chameleon') | |
| my_session_factory = SignedCookieSessionFactory('insecure') | |
| config.set_session_factory(my_session_factory) | |
| config.set_authentication_policy(SessionAuthenticationPolicy()) | |
| config.set_authorization_policy(ACLAuthorizationPolicy()) | |
| config.add_static_view('static', 'static', cache_max_age=3600) | |
| # this is the important bit here, the factory on the route. | |
| # the factory needs to be a callable which takes a request object and returns an object with a __acl__ | |
| # a class works, but other kinds of factories are possible. | |
| config.add_route('home', '/', factory=Public) | |
| config.add_route('protected', '/protected', factory=AuthenticationRequired) | |
| config.add_route('login', '/login', factory=Public) | |
| config.add_route('logout', '/logout', factory=AuthenticationRequired) | |
| config.scan() | |
| return config.make_wsgi_app() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pyramid.view import view_config | |
| from pyramid.security import NO_PERMISSION_REQUIRED, remember, forget | |
| from pyramid.httpexceptions import HTTPSeeOther | |
| @view_config(route_name='home', renderer='templates/mytemplate.pt', permission=NO_PERMISSION_REQUIRED) | |
| def my_view(request): | |
| return {'project': 'testacl'} | |
| @view_config(route_name='protected', renderer='templates/protected.pt', permission='view') | |
| def protected_view(request): | |
| return {} | |
| @view_config(route_name='login', permission='view') | |
| def login(request): | |
| headers = remember(request, 'somebody') | |
| return HTTPSeeOther(request.route_url('protected'), headers=headers) | |
| @view_config(route_name='logout', permission='view') | |
| def logout(request): | |
| headers = forget(request) | |
| return HTTPSeeOther(request.route_url('home'), headers=headers) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment