Request authorization
Created: | Apr 5, 2011 |
---|---|
Author: | dustin |
Base class for unauthorized exceptions
This class is both an exception and a controller callable. If the request validator raises an instance of this class, it will be called and the resulting value will become the HTTP response. The default implementation returns HTTP status 403 and a plain body containing the exception message.
Base class for request validators
A request validator is a class that exposes a validate method, which accepts an instance of webob.Request and an optional requirement. The validate method should return None on successful validation, or raise an instance of NotAuthorized on failure. The base implementation will raise an instance of the exception specified by exc_class, which defaults to NotAuthorized.
To customize the response to unauthorized requests, it is sufficient to subclass NotAuthorized, override its __call__() method, and specify the class in exc_class.
Exception class to raise if the request is unauthorized
alias of NotAuthorized
Validates a request
The base implementation will perform authorization in the following way:
If none of the above steps raised an exception, the method will return None, indicating that the validation was successful.
Note
WebOb Request instances do not have a user attribute by default. You will need to supply this yourself, e.g. in a WSGI middleware or in the __before__ method of your controller class.
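The customization described above (subclass NotAuthorized, override __call__(), set exc_class), together with the missing user attribute case from the note, as an added example that is not the library's own code. The two base classes are minimal stand-ins for the contract this page describes; the response tuple, the permissions set, the string requirement, the dispatch function and the sample requests are assumptions.

```python
from types import SimpleNamespace

# Minimal stand-ins for the contract described on this page, NOT the
# library's classes. The (status, headers, body) tuple is an assumption.
class NotAuthorized(Exception):
    def __call__(self, request):
        # Default behaviour per the page: 403 plus the exception message.
        return (403, {"Content-Type": "text/plain"}, str(self))

class RequestValidator:
    exc_class = NotAuthorized  # exception type raised on failure

    def validate(self, request, requirement=None):
        # Assumed check: fail closed when nobody attached request.user,
        # then treat the requirement as a permission name (assumption).
        user = getattr(request, "user", None)
        if user is None:
            raise self.exc_class("no authenticated user on request")
        if requirement is not None and requirement not in user.permissions:
            raise self.exc_class("missing permission: %s" % requirement)
        return None

# The customization: subclass, override __call__, point exc_class at it.
class ChallengeOrForbid(NotAuthorized):
    def __call__(self, request):
        if getattr(request, "user", None) is None:
            headers = {"WWW-Authenticate": 'Basic realm="example"'}
            return (401, headers, "Authentication required")
        # Generic body: the message naming the permission stays server-side.
        return (403, {"Content-Type": "text/plain"}, "Forbidden")

class AppValidator(RequestValidator):
    exc_class = ChallengeOrForbid

def dispatch(validator, request, controller, requirement=None):
    """Hypothetical dispatcher: a raised NotAuthorized becomes the response."""
    try:
        validator.validate(request, requirement)
    except NotAuthorized as exc:
        return exc(request)
    return controller(request)

# Constructed sample requests (stand-ins for webob.Request objects).
ANONYMOUS = SimpleNamespace()
ALICE = SimpleNamespace(user=SimpleNamespace(permissions={"read"}))

def controller(request):
    return (200, {"Content-Type": "text/plain"}, "ok")
```

With the default exception class the response body echoes the exception message, so the overriding class here returns a fixed body instead.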