#!/usr/bin/env python
import os

from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
from pyramid.response import Response
from pyramid.security import Allow, remember, forget
from pyramid.view import view_config
from waitress import serve
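class BlogentryViews(object):
    """Views for the demo blog: show/delete an entry and log in/out.

    ``delete`` is the only view that requires a permission (``'delete'``);
    the ACL on ``RootFactory`` decides who holds it.
    """

    def __init__(self, request):
        self.request = request

    @view_config(route_name='blogentry_show')
    def show(self):
        """Show an entry; no permission is required."""
        return Response('Shown')

    @view_config(route_name='blogentry_delete', permission='delete')
    def delete(self):
        """Delete an entry; reached only by principals granted 'delete'."""
        return Response('Deleted')

    @view_config(route_name='login')
    def login(self):
        """Remember the requested ``userid`` in the auth_tkt cookie.

        NOTE(review): no credential (password) check is performed here;
        whatever ``userid`` the client sends is remembered as-is. That is
        acceptable for this demo only.

        Returns a 400 response when ``userid`` is missing or empty, so no
        auth ticket is issued for a meaningless identity.
        """
        userid = self.request.params.get('userid')
        if not userid:
            return Response(
                'Missing userid',
                status=400,
                content_type='text/plain',
            )
        headers = remember(self.request, userid)
        # The body echoes a client-supplied value; serve it as plain text so
        # it is never interpreted as HTML by the browser.
        return Response(
            'Logged in as %s' % userid,
            headers=headers,
            content_type='text/plain',
        )

    @view_config(route_name='logout')
    def logout(self):
        """Clear the auth_tkt cookie."""
        headers = forget(self.request)
        return Response(
            'Logged out',
            headers=headers
        )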
class RootFactory(object):
    """Root resource whose ``__acl__`` governs every request in this app."""

    # [1]
    def __init__(self, request):
        # A single ACE: the principal 'fred' (and nobody else, authenticated
        # or not) is allowed the 'delete' permission.
        ace = (Allow, 'fred', 'delete')
        self.__acl__ = [ace]
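if __name__ == '__main__':
    # Secret that signs the auth_tkt cookie. The hard-coded 'soseekrit' is a
    # demo default; a real deployment should supply it via AUTH_TKT_SECRET so
    # it is not committed to source control, and keep it private -- the
    # login cookie is only as trustworthy as this secret.
    secret = os.environ.get('AUTH_TKT_SECRET', 'soseekrit')
    # NOTE(review): on Pyramid >= 1.4 prefer passing hashalg='sha512'; the
    # policy's legacy default digest is weak. Check the installed version.
    authn_policy = AuthTktAuthenticationPolicy(secret)
    authz_policy = ACLAuthorizationPolicy()
    config = Configurator(
        # Every request gets a RootFactory instance as its context; the ACL
        # authorization policy consults its __acl__ for permission checks.
        root_factory=RootFactory,
        authentication_policy=authn_policy,
        authorization_policy=authz_policy
    )
    routes = [
        ('blogentry_show', '/blog/{id}'),
        ('blogentry_delete', '/blog/{id}/delete'),
        ('login', '/login'),
        ('logout', '/logout'),
    ]
    for route_name, pattern in routes:
        config.add_route(route_name, pattern)
    # Register the @view_config-decorated views defined in this module.
    config.scan()
    app = config.make_wsgi_app()
    # waitress' serve() defaults to listening on all interfaces, port 8080.
    serve(app)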
# Not the same anymore. Only 'fred' can delete blog entries.
#
# New features:
#
# [1] We changed our ACL to allow only the principal id 'fred' to delete
# blog entries. No longer can any authenticated principal delete
# blog entries.
#
# Noteworthy:
#
# - "Principal" means "userid" or "groupid". It's just a string, typically
# (although it can be any basic Python type).