7 년 전 · c55bf2def6
--- a/tracim/lib/utils/auth.py
+++ b/tracim/lib/utils/auth.py
@@ -1,22 +1,37 @@
 
				+import typing
			
 
				 from pyramid.security import ALL_PERMISSIONS
			
 
				 from pyramid.security import Allow
			
 
				 from pyramid.security import Authenticated
			
 
				+from tracim.lib.core.user import UserApi
			
 
				+from tracim.models.auth import Group
			
 
				+from tracim.lib.core.workspace import WorkspaceApi
			
 
				 
			
 
				+# INFO - G.M - 06-04-2018 - Auth for pyramid
			
 
				+# based on this tutorial : https://docs.pylonsproject.org/projects/pyramid-cookbook/en/latest/auth/basic.html  # nopep8
			
 
				 
			
 
				-def check_credentials(username, password, request):
			
 
				-    if username == 'admin' and password == 'admin':
			
 
				-        # an empty list is enough to indicate logged-in... watch how this
			
 
				-        # affects the principals returned in the home view if you want to
			
 
				-        # expand ACLs later
			
 
				-        return ['g:admin']
			
 
				-    if username == 'user' and password == 'user':
			
 
				-        return []
			
 
				+
			
 
				+def check_credentials(username, password, request) -> typing.Optional[dict]:
			
 
				+    permissions = None
			
 
				+    app_config = request.registry.settings['CFG']
			
 
				+    uapi = UserApi(None, session=request.dbsession, config=app_config)
			
 
				+    try:
			
 
				+        user = uapi.get_one_by_email(username)
			
 
				+        if user.validate_password(password):
			
 
				+            permissions = []
			
 
				+            for group in user.groups:
			
 
				+                permissions.append(group.group_name)
			
 
				+            # TODO - G.M - 06-04-2018 - Add workspace specific permission ?
			
 
				+    # TODO - G.M - 06-04-2018 - Better catch for exception of bad password, bad
			
 
				+    # user
			
 
				+    except:
			
 
				+        pass
			
 
				+    return permissions
			
 
				 
			
 
				 
			
 
				 class Root:
			
 
				-    # dead simple, give everyone who is logged in any permission
			
 
				-    # (see the home_view for an example permission)
			
 
				+    # root
			
 
				     __acl__ = (
			
 
				-        (Allow, 'g:admin', ALL_PERMISSIONS),
			
 
				-        (Allow, Authenticated, 'user'),
			
 
				-    )
			
 
				+        (Allow, Group.TIM_ADMIN_GROUPNAME, ALL_PERMISSIONS),
			
 
				+        (Allow, Group.TIM_MANAGER_GROUPNAME, 'manager'),
			
 
				+        (Allow, Group.TIM_USER_GROUPNAME, 'user'),
			
 
				+    )
			
--- a/tracim/views/default/default_controller.py
+++ b/tracim/views/default/default_controller.py
@@ -45,6 +45,15 @@ class DefaultController(Controller):
 
				         return {'project': project}
			
 
				 
			
 
				     @classmethod
			
 
				+    def test_manager_page(cls, request):
			
 
				+        try:
			
 
				+            app_config = request.registry.settings['CFG']
			
 
				+            project = 'manager'
			
 
				+        except Exception as e:
			
 
				+            return Response(e, content_type='text/plain', status=500)
			
 
				+        return {'project': project}
			
 
				+
			
 
				+    @classmethod
			
 
				     def test_user_page(cls, request):
			
 
				         try:
			
 
				             app_config = request.registry.settings['CFG']
			
@@ -76,7 +85,13 @@ class DefaultController(Controller):
 
				             renderer='tracim:templates/mytemplate.jinja2',
			
 
				             permission='admin',
			
 
				         )
			
 
				-
			
 
				+        configurator.add_route('test_manager', '/test_manager')
			
 
				+        configurator.add_view(
			
 
				+            self.test_user_page,
			
 
				+            route_name='test_manager',
			
 
				+            renderer='tracim:templates/mytemplate.jinja2',
			
 
				+            permission='manager',
			
 
				+        )
			
 
				         configurator.add_route('test_user', '/test_user')
			
 
				         configurator.add_view(
			
 
				             self.test_user_page,