opensourceprojects.eu / osp-allura / Diff of /Allura/allura/lib/security.py

Diff of /Allura/allura/lib/security.py [53d9ee] .. [8681aa]

Switch to unified view


...
    users roles must either be explicitly DENYed or processing terminate with no
    matches to DENY access to the resource.
    '''
    from allura import model as M
    def predicate(obj=obj, user=user, project=project, roles=None):
        if obj is None:
            return False
        if roles is None:
            if user is None: user = c.user
            assert user, 'c.user should always be at least M.User.anonymous()'
            cred = Credentials.get()
            if project is None:
...
        raise exc.HTTPForbidden(detail=message)
    else:
        raise exc.HTTPUnauthorized()

def require_access(obj, permission, **kwargs):
    if obj is not None:
        predicate = has_access(obj, permission, **kwargs)
        return require(predicate, message='%s access required' % permission.capitalize())
    else:
        raise exc.HTTPForbidden(detail="Could not verify permissions for this page.")

def require_authenticated():
    '''
    :raises: HTTPUnauthorized if current user is anonymous
    '''

	a/Allura/allura/lib/security.py		b/Allura/allura/lib/security.py
	...		...
236	users roles must either be explicitly DENYed or processing terminate with no	236	users roles must either be explicitly DENYed or processing terminate with no
237	matches to DENY access to the resource.	237	matches to DENY access to the resource.
238	'''	238	'''
239	from allura import model as M	239	from allura import model as M
240	def predicate(obj=obj, user=user, project=project, roles=None):	240	def predicate(obj=obj, user=user, project=project, roles=None):
		241	if obj is None:
		242	return False
241	if roles is None:	243	if roles is None:
242	if user is None: user = c.user	244	if user is None: user = c.user
243	assert user, 'c.user should always be at least M.User.anonymous()'	245	assert user, 'c.user should always be at least M.User.anonymous()'
244	cred = Credentials.get()	246	cred = Credentials.get()
245	if project is None:	247	if project is None:
	...		...
301	raise exc.HTTPForbidden(detail=message)	303	raise exc.HTTPForbidden(detail=message)
302	else:	304	else:
303	raise exc.HTTPUnauthorized()	305	raise exc.HTTPUnauthorized()
304		306
305	def require_access(obj, permission, **kwargs):	307	def require_access(obj, permission, **kwargs):
		308	if obj is not None:
306	predicate = has_access(obj, permission, **kwargs)	309	predicate = has_access(obj, permission, **kwargs)
307	return require(predicate, message='%s access required' % permission.capitalize())	310	return require(predicate, message='%s access required' % permission.capitalize())
		311	else:
		312	raise exc.HTTPForbidden(detail="Could not verify permissions for this page.")
308		313
309	def require_authenticated():	314	def require_authenticated():
310	'''	315	'''
311	:raises: HTTPUnauthorized if current user is anonymous	316	:raises: HTTPUnauthorized if current user is anonymous
312	'''	317	'''