Pylons

Jun 7, 2009 7:19:27 AM

repoze.what: Authorization inside action

Checks authorization inside an action, like AuthKit's authorize_request().
from pylons import request
from pylons.controllers.util import abort
from repoze.what.predicates import NotAuthorizedError

def require_authorization(predicate):
    """Enforce a repoze.what predicate from inside a controller action.

    The predicate is evaluated against the current request's WSGI
    environ. Nothing is returned when it is met. When it raises
    NotAuthorizedError, the request is aborted with:

    * 403 if ``repoze.who.identity`` is present (and truthy) in the
      environ, i.e. the caller is already authenticated;
    * 401 otherwise.

    Call this before the action changes any state, as the example does:
    the check only protects the statements that come after it.

    Example::

        def edit(self, id):
            post = meta.Session.query(Post).get(id)
            require_authorization(is_user(post.owner.name))

            post.content = 'blah blah...'
            meta.Session.commit()
            redirect_to(action='show')
    """
    environ = request.environ
    try:
        predicate.check_authorization(environ)
    except NotAuthorizedError, err:
        # Authenticated but not allowed -> 403; no identity yet -> 401.
        if environ.get('repoze.who.identity'):
            status = 403
        else:
            status = 401
        # NOTE(review): the predicate's message is forwarded as the abort
        # comment and may end up in the response body -- confirm predicate
        # messages do not reveal anything sensitive.
        abort(status, comment=unicode(err))
