milla.auth.decorators

Convenient decorators for enforcing authorization on controllers

Created: Mar 3, 2011
Author: dustin
milla.auth.decorators.auth_required(func)[source]

Simple decorator to enforce authentication for a controller

Example usage:

import milla

class SomeController(object):

    def __before__(self, request):
        # Attach the user (if any) before the controller is called
        request.user = find_a_user_somehow(request)

    @milla.auth_required
    def __call__(self, request):
        return 'Hello, world!'

In this example, the SomeController controller class implements an __before__ method that adds the user attribute to the request instance. This could be done by extracting user information from the HTTP session, for example. The __call__ method is decorated with auth_required, which will ensure that the user is successfully authenticated. This is handled by a request validator.

If the request is not authorized, the decorated method will never be called. Instead, the response is generated by calling the NotAuthorized exception raised inside the auth_required decorator.

class milla.auth.decorators.require_perms(*requirements)[source]

Decorator that requires the user have certain permissions

Example usage:

import milla

class SomeController(object):

    def __before__(self, request):
        # Attach the user (if any) before the controller is called
        request.user = find_a_user_somehow(request)

    @milla.require_perms('some_permission', 'and_this_permission')
    def __call__(self, request):
        return 'Hello, world!'

In this example, the SomeController controller class implements an __before__ method that adds the user attribute to the request instance. This could be done by extracting user information from the HTTP session, for example. The __call__ method is decorated with require_perms, which will ensure that the user is successfully authenticated and that the user has the specified permissions. This is handled by a request validator.

There are two ways to specify the required permissions:

  • By passing the string name of all required permissions as positional arguments. A complex permission requirement will be constructed that requires all of the given permissions to be held by the user in order to validate.
  • By explicitly passing an instance of Permission or PermissionRequirement.
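The following added example (not Milla's own code) models the string form of require_perms described above, to show the two properties that matter for access control: the check runs before the controller body, and every named permission must be held. The names require_perms_model, User, Request and outcome, and the assumption that the user object exposes a permissions attribute, are hypothetical stand-ins.

```python
import functools

class NotAuthorized(Exception):
    """Stand-in for the exception the page says the decorator raises."""

def require_perms_model(*names):
    """Model of the string form: every named permission must be held."""
    required = frozenset(names)

    def decorator(func):
        @functools.wraps(func)
        def wrapper(self, request):
            user = getattr(request, 'user', None)
            # Fail closed: a request with no user is never authorized.
            if user is None:
                raise NotAuthorized('not authenticated')
            # Assumption: the user object carries a 'permissions' iterable.
            missing = required - set(getattr(user, 'permissions', ()))
            if missing:
                raise NotAuthorized('missing: ' + ', '.join(sorted(missing)))
            return func(self, request)
        return wrapper
    return decorator

class User(object):
    def __init__(self, *permissions):
        self.permissions = permissions

class Request(object):
    """Constructed request; in Milla, __before__ would set .user."""
    def __init__(self, user=None):
        if user is not None:
            self.user = user

class SomeController(object):
    calls = 0  # counts how often the protected body actually ran

    @require_perms_model('some_permission', 'and_this_permission')
    def __call__(self, request):
        SomeController.calls += 1
        return 'Hello, world!'

def outcome(request):
    """Return the controller's response, or the denial reason."""
    try:
        return SomeController()(request)
    except NotAuthorized as exc:
        return 'denied (%s)' % exc
```
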