Convenient decorators for enforcing authorization on controllers
Created: | Mar 3, 2011 |
---|---|
Author: | dustin |
Simple decorator to enforce authentication for a controller
Example usage:
```python
import milla

class SomeController(object):

    def __before__(self, request):
        # Attach the user before the decorated method is checked
        request.user = find_a_user_somehow(request)

    @milla.auth_required
    def __call__(self, request):
        return 'Hello, world!'
```
In this example, the `SomeController` controller class implements a `__before__` method that adds the `user` attribute to the `request` instance. This could be done by extracting user information from the HTTP session, for example. The `__call__` method is decorated with `auth_required`, which will ensure that the user is successfully authenticated. This is handled by a request validator.

If the request is not authorized, the decorated method will never be called. Instead, the response is generated by calling the `NotAuthorized` exception raised inside the `auth_required` decorator.
Decorator that requires the user have certain permissions
Example usage:
```python
import milla

class SomeController(object):

    def __before__(self, request):
        # Attach the user before the decorated method is checked
        request.user = find_a_user_somehow(request)

    @milla.require_perms('some_permission', 'and_this_permission')
    def __call__(self, request):
        return 'Hello, world!'
```
In this example, the `SomeController` controller class implements a `__before__` method that adds the `user` attribute to the `request` instance. This could be done by extracting user information from the HTTP session, for example. The `__call__` method is decorated with `require_perms`, which will ensure that the user is successfully authenticated and that the user has the specified permissions. This is handled by a request validator.
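The fail-closed behaviour both decorators rely on, shown as an added, framework-independent example (not Milla's own code): the check runs before the controller body, and a request with no `user` attribute at all is treated the same as an unauthenticated one. The local `NotAuthorized` stand-in, the `Request`, `User` and `Report` classes, the `attempt` helper and the `permissions` attribute are assumptions made for illustration.

```python
import functools

class NotAuthorized(Exception):
    """Local stand-in for the framework's exception (assumption)."""

def _check(request, required=()):
    # Fail closed: a missing or None user counts as unauthenticated.
    user = getattr(request, 'user', None)
    if user is None:
        raise NotAuthorized('authentication required')
    # Hypothetical user model: permissions are a collection of names.
    granted = set(getattr(user, 'permissions', ()))
    missing = [p for p in required if p not in granted]
    if missing:
        raise NotAuthorized('missing permissions: ' + ', '.join(missing))

def require_perms(*required):
    def decorator(func):
        @functools.wraps(func)
        def wrapper(self, request, *args, **kwargs):
            _check(request, required)  # raises before func can run
            return func(self, request, *args, **kwargs)
        return wrapper
    return decorator

# Authentication only: the same check with no required permissions.
auth_required = require_perms()

class Request(object):
    pass

class User(object):
    def __init__(self, *permissions):
        self.permissions = permissions

class Report(object):
    calls = 0  # counts how often the protected body actually executed

    @require_perms('read', 'export')
    def __call__(self, request):
        Report.calls += 1
        return 'report body'

def attempt(user=None, attach=True):
    """Dispatch one constructed request; return the body or the denial."""
    request = Request()
    if attach:
        request.user = user
    try:
        return Report()(request)
    except NotAuthorized as exc:
        return 'denied: %s' % exc
```

`attempt(attach=False)` models a controller whose `__before__` never set `request.user`; the request is denied rather than passed through.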
There are two ways to specify the required permissions: