milla.auth
Request authorization
| Created: | Apr 5, 2011 |
|---|---|
| Author: | dustin |
| Updated: | $Date$ |
| Updater: | $Author$ |

exception milla.auth.NotAuthorized

Base class for unauthorized exceptions

This class is both an exception and a controller callable. If the request validator raises an instance of this class, it will be called and the resulting value will become the HTTP response. The default implementation simply returns HTTP status 403 and a simple body containing the exception message.

class milla.auth.RequestValidator

Base class for request validators

A request validator is a class that exposes a validate method, which accepts an instance of webob.Request and an optional requirement. The validate method should return None on successful validation, or raise an instance of NotAuthorized on failure. The base implementation will raise an instance of the exception specified by exc_class, which defaults to NotAuthorized.

To customize the response to unauthorized requests, it is sufficient to subclass NotAuthorized, override its __call__() method, and specify the class in exc_class.

exc_class

Exception class to raise if the request is unauthorized

alias of NotAuthorized

validate(request, requirement=None)

Validates a request

Parameters:
- request – The request to validate. Should be an instance of webob.Request.
- requirement – (Optional) A requirement to check. Should be an instance of Permission or PermissionRequirement, or some other class with a check method that accepts a sequence of permissions.

The base implementation will perform authorization in the following way:
- Does the request have a user attribute? If not, raise NotAuthorized.
- Is the truth value of request.user true? If not, raise NotAuthorized.
- Does the request.user object have a permissions attribute? If not, raise NotAuthorized.
- Do the user’s permissions meet the requirements? If not, raise NotAuthorized.

If none of the above steps raised an exception, the method will return None, indicating that the validation was successful.

Note

WebOb Request instances do not have a user attribute by default. You will need to supply this yourself, i.e. in a WSGI middleware or in the __before__ method of your controller class.
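
The four checks listed above, as an added sketch that is not milla's own code: validate, NotAuthorized, GenericDenied, RequireAll, the failure messages and the (status, body) return shape are stand-ins written from the description so the block runs without milla or WebOb installed. It shows each step failing closed, and a subclass passed as exc_class returning one uniform body instead of the exception message.

```python
from types import SimpleNamespace

class NotAuthorized(Exception):
    """Stand-in for milla.auth.NotAuthorized: exception and controller callable."""
    def __call__(self, request):
        # Assumed shape (status, body); the real class builds an HTTP response.
        return 403, str(self)

class GenericDenied(NotAuthorized):
    """Hypothetical subclass: one body for every failure, reason kept server-side."""
    def __call__(self, request):
        return 403, "Forbidden"

class RequireAll:
    """Hypothetical requirement whose check() accepts a sequence of permissions."""
    def __init__(self, *needed):
        self.needed = set(needed)
    def check(self, permissions):
        return self.needed <= set(permissions)

def validate(request, requirement=None, exc_class=NotAuthorized):
    """Return None on success; raise exc_class at the first failed step."""
    if not hasattr(request, "user"):                    # step 1
        raise exc_class("Request has no user")
    if not request.user:                                # step 2
        raise exc_class("Anonymous not allowed")
    if not hasattr(request.user, "permissions"):        # step 3
        raise exc_class("User has no permissions")
    # Step 4; assumption: with no requirement there is nothing left to check.
    if requirement is not None and not requirement.check(request.user.permissions):
        raise exc_class("Insufficient permissions")

def outcome(request, requirement=None, exc_class=NotAuthorized):
    """Run validate(); return "ok" or the denial response the exception yields."""
    try:
        validate(request, requirement, exc_class)
        return "ok"
    except NotAuthorized as denied:
        return denied(request)

# Constructed requests; SimpleNamespace stands in for webob.Request.
NO_USER = SimpleNamespace()
ANONYMOUS = SimpleNamespace(user=None)
NO_PERMS = SimpleNamespace(user=SimpleNamespace(name="svc"))
READER = SimpleNamespace(user=SimpleNamespace(permissions=["read"]))

if __name__ == "__main__":
    for req in (NO_USER, ANONYMOUS, NO_PERMS, READER):
        print(outcome(req, RequireAll("read", "write")), outcome(req, RequireAll("read")))
```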