- import typing
- from pyramid.security import ALL_PERMISSIONS
- from pyramid.security import Allow
- from pyramid.security import Authenticated
- from tracim.lib.core.user import UserApi
- from tracim.models.auth import Group
- from tracim.lib.core.workspace import WorkspaceApi
-
- # INFO - G.M - 06-04-2018 - Auth for pyramid
- # based on this tutorial : https://docs.pylonsproject.org/projects/pyramid-cookbook/en/latest/auth/basic.html # nopep8
-
-
- def check_credentials(username, password, request) -> typing.Optional[dict]:
- permissions = None
- app_config = request.registry.settings['CFG']
- uapi = UserApi(None, session=request.dbsession, config=app_config)
- try:
- user = uapi.get_one_by_email(username)
- if user.validate_password(password):
- permissions = []
- for group in user.groups:
- permissions.append(group.group_name)
- # TODO - G.M - 06-04-2018 - Add workspace specific permission ?
- # TODO - G.M - 06-04-2018 - Better catch for exception of bad password, bad
- # user
- except:
- pass
- return permissions
-
-
- class Root:
- # root
- __acl__ = (
- (Allow, Group.TIM_ADMIN_GROUPNAME, ALL_PERMISSIONS),
- (Allow, Group.TIM_MANAGER_GROUPNAME, 'manager'),
- (Allow, Group.TIM_USER_GROUPNAME, 'user'),
- )