milla.auth.decorators¶
Convenient decorators for enforcing authorization on controllers
Created: | Mar 3, 2011 |
---|---|
Author: | dustin |
-
milla.auth.decorators.
auth_required
(func)[source]¶ Simple decorator to enforce authentication for a controller
Example usage:
class SomeController(object): def __before__(request): request.user = find_a_user_somehow(request) @milla.auth_required def __call__(request): return 'Hello, world!'
In this example, the
SomeController
controller class implements an__before__
method that adds theuser
attribute to therequest
instance. This could be done by extracting user information from the HTTP session, for example. The__call__
method is decorated withauth_required
, which will ensure that the user is successfully authenticated. This is handled by a request validator.If the request is not authorized, the decorated method will never be called. Instead, the response is generated by calling the
NotAuthorized
exception raised inside theauth_required
decorator.
-
class
milla.auth.decorators.
require_perms
(*requirements)[source]¶ Decorator that requires the user have certain permissions
Example usage:
class SomeController(object): def __before__(request): request.user = find_a_user_somehow(request) @milla.require_perms('some_permission', 'and_this_permission') def __call__(request): return 'Hello, world!'
In this example, the
SomeController
controller class implements an__before__
method that adds theuser
attribute to therequest
instance. This could be done by extracting user information from the HTTP session, for example. The__call__
method is decorated withrequire_perms
, which will ensure that the user is successfully authenticated and the the user has the specified permissions. This is handled by a request validator.There are two ways to specify the required permissions:
- By passing the string name of all required permissions as positional arguments. A complex permission requirement will be constructed that requires all of the given permissions to be held by the user in order to validate
- By explicitly passing an instance of
Permission
orPermissionRequirement