milla.auth.decorators¶
Convenient decorators for enforcing authorization on controllers
Created: | Mar 3, 2011 |
---|---|
Author: | dustin |
Updated: | $Date$ |
Updater: | $Author$ |
- milla.auth.decorators.auth_required(func)¶
Simple decorator to enforce authentication for a controller
Example usage:
class SomeController(object): def __before__(request): request.user = find_a_user_somehow(request) @milla.auth_required def __call__(request): return 'Hello, world!'
In this example, the SomeController controller class implements an __before__ method that adds the user attribute to the request instance. This could be done by extracting user information from the HTTP session, for example. The __call__ method is decorated with auth_required, which will ensure that the user is successfully authenticated. This is handled by a request validator.
If the request is not authorized, the decorated method will never be called. Instead, the response is generated by calling the NotAuthorized exception raised inside the auth_required decorator.
- class milla.auth.decorators.require_perms(*requirements)¶
Decorator that requires the user have certain permissions
Example usage:
class SomeController(object): def __before__(request): request.user = find_a_user_somehow(request) @milla.require_perms('some_permission', 'and_this_permission') def __call__(request): return 'Hello, world!'
In this example, the SomeController controller class implements an __before__ method that adds the user attribute to the request instance. This could be done by extracting user information from the HTTP session, for example. The __call__ method is decorated with require_perms, which will ensure that the user is successfully authenticated and the the user has the specified permissions. This is handled by a request validator.
There are two ways to specify the required permissions:
- By passing the string name of all required permissions as positional arguments. A complex permission requirement will be constructed that requires all of the given permissions to be held by the user in order to validate
- By explicitly passing an instance of Permission or PermissionRequirement