/src/authorization/tutorial/security.py

 1from webob.exc import HTTPFound
 2
 3from repoze.bfg.view import bfg_view
 4from repoze.bfg.exceptions import Forbidden
 5
 6from repoze.bfg.security import remember
 7from repoze.bfg.security import forget
 8
 9USERS = {'editor':'editor',
10          'viewer':'viewer'}
11GROUPS = {'editor':['group:editors']}
12
13def groupfinder(userid, request):
14    if userid in USERS:
15        return GROUPS.get(userid, [])
16
17class LoginView(object):
18    def __init__(self, request):
19        self.request = request
20
21    @bfg_view(renderer='login.mak', context=Forbidden)
22    @bfg_view(name='login', renderer='login.mak')
23    def login(self):
24        login_url = self.request.application_url + '/login'
25        referrer = self.request.url
26        if referrer == login_url:
27            referrer = '/' # never use the login form itself as came_from
28        came_from = self.request.params.get('came_from', referrer)
29        message = ''
30        login = ''
31        password = ''
32        if 'form.submitted' in self.request.params:
33            login = self.request.params['login']
34            password = self.request.params['password']
35            if USERS.get(login) == password:
36                headers = remember(self.request, login)
37                return HTTPFound(location=came_from, headers=headers)
38            message = 'Failed login'
39    
40        return dict(
41            message = message,
42            url = login_url,
43            came_from = came_from,
44            login = login,
45            password = password,
46        )
47    
48    @bfg_view(name='logout', permission='view')
49    def logout(self):
50        headers = forget(self.request)
51        return HTTPFound(
52            location=self.request.application_url,
53            headers=headers
54            )
55