import typing from pyramid.security import ALL_PERMISSIONS from pyramid.security import Allow from pyramid.security import Authenticated from tracim.lib.core.user import UserApi from tracim.models.auth import Group from tracim.lib.core.workspace import WorkspaceApi # INFO - G.M - 06-04-2018 - Auth for pyramid # based on this tutorial : https://docs.pylonsproject.org/projects/pyramid-cookbook/en/latest/auth/basic.html # nopep8 def check_credentials(username, password, request) -> typing.Optional[dict]: permissions = None app_config = request.registry.settings['CFG'] uapi = UserApi(None, session=request.dbsession, config=app_config) try: user = uapi.get_one_by_email(username) if user.validate_password(password): permissions = [] for group in user.groups: permissions.append(group.group_name) # TODO - G.M - 06-04-2018 - Add workspace specific permission ? # TODO - G.M - 06-04-2018 - Better catch for exception of bad password, bad # user except: pass return permissions class Root: # root __acl__ = ( (Allow, Group.TIM_ADMIN_GROUPNAME, ALL_PERMISSIONS), (Allow, Group.TIM_MANAGER_GROUPNAME, 'manager'), (Allow, Group.TIM_USER_GROUPNAME, 'user'), )