
Takashi Matsuo  committed c88da09

Moved authorization presets back to kay.generics.
Added check_authority method to kay.generics.rest.RESTViewGroup.

  • Parent commits 658570e


Files changed (7)

File docs/japanese/source/generic_views.rst

 ``list``, ``show``, ``create``, ``update``, ``delete`` に分類されていま
 す。
 
-``kay.generics.crud`` モジュールには便利なプリセットの関数がいくつか用
-意されていて、これらの中から選んで使う事もできます。
+``kay.generics`` パッケージには便利なプリセットの関数がいくつか用意され
+ていて、これらの中から選んで使う事もできます。
 
-* kay.generics.crud.login_required
-* kay.generics.crud.admin_required
-* kay.generics.crud.only_owner_can_write
-* kay.generics.crud.only_owner_can_write_except_for_admin
+* kay.generics.login_required
+* kay.generics.admin_required
+* kay.generics.only_owner_can_write
+* kay.generics.only_owner_can_write_except_for_admin
 
 下記の例ではこのうちの一つを使用しています:
 
 .. code-block:: python
 
+   from kay.generics import only_owner_can_write_except_for_admin
+   from kay.generics import crud
+
+
    class MyCRUDViewGroup(crud.CRUDViewGroup):
      model = 'myapp.models.MyModel'
      form = 'myapp.forms.MyForm'
-     authorize = crud.only_owner_can_write_except_for_admin
+     authorize = only_owner_can_write_except_for_admin
 
 TODO: ``authorize`` メソッドに関する詳細な説明

File docs/japanese/source/tutorial.rst

 
 .. code-block:: python
 
+   from kay.generics import admin_required
    from kay.generics import crud
    from kay.routing import (
      ViewGroup, Rule
    class CategoryCRUDViewGroup(crud.CRUDViewGroup):
      model = 'myapp.models.Category'
      form = 'myapp.forms.CategoryForm'
-     authorize = crud.admin_required
+     authorize = admin_required
 
    view_groups = [
      ViewGroup(

File docs/source/generic_views.rst

 subclass. These operations are classified in ``list``, ``show``,
 ``create``, ``update``, ``delete``.
 
-``kay.generics.crud`` module has useful presets for this method, so
+``kay.generics`` package has useful presets for this method, so
 you can choose one of them if you like.
 
-* kay.generics.crud.login_required
-* kay.generics.crud.admin_required
-* kay.generics.crud.only_owner_can_write
-* kay.generics.crud.only_owner_can_write_except_for_admin
+* kay.generics.login_required
+* kay.generics.admin_required
+* kay.generics.only_owner_can_write
+* kay.generics.only_owner_can_write_except_for_admin
 
 An example bellow shows how to use one of these presets:
 
 .. code-block:: python
 
+   from kay.generics import only_owner_can_write_except_for_admin
+   from kay.generics import crud
+
    class MyCRUDViewGroup(crud.CRUDViewGroup):
      model = 'myapp.models.MyModel'
      form = 'myapp.forms.MyForm'
-     authorize = crud.only_owner_can_write_except_for_admin
+     authorize = only_owner_can_write_except_for_admin
 
 TODO: detailed docs about ``authorize`` method.

File docs/source/tutorial.rst

 
 .. code-block:: python
 
+   from kay.generics import admin_required
    from kay.generics import crud
    from kay.routing import (
      ViewGroup, Rule
    class CategoryCRUDViewGroup(crud.CRUDViewGroup):
      model = 'myapp.models.Category'
      form = 'myapp.forms.CategoryForm'
-     authorize = crud.admin_required
+     authorize = admin_required
 
    view_groups = [
      ViewGroup(

File kay/generics/__init__.py

 :license: BSD, see LICENSE for more details.
 """
 
+from kay.exceptions import NotAuthorized
+
 OP_LIST = 'list'
 OP_SHOW = 'show'
 OP_CREATE = 'create'
 OP_UPDATE = 'update'
 OP_DELETE = 'delete'
+
+# presets for authorization
+
+def login_required(self, request, operation, obj=None, model_name=None,
+                   prop_name=None):
+  if request.user.is_anonymous():
+    raise NotAuthorized()
+
+def admin_required(self, request, operation, obj=None, model_name=None,
+                   prop_name=None):
+  if not request.user.is_admin:
+    raise NotAuthorized()
+
+def only_admin_can_write(self, request, operation, obj=None, model_name=None,
+                         prop_name=None):
+  if operation == OP_CREATE or operation == OP_UPDATE or \
+        operation == OP_DELETE:
+    if not request.user.is_admin:
+      raise NotAuthorized()
+
+def only_owner_can_write(self, request, operation, obj=None, model_name=None,
+                         prop_name=None):
+  if operation == OP_CREATE:
+    if request.user.is_anonymous():
+      raise NotAuthorized()
+  elif operation == OP_UPDATE or operation == OP_DELETE:
+    if self.owner_attr:
+      owner = getattr(obj, self.owner_attr)
+    else:
+      owner = None
+      for key, val in obj.fields().iteritems():
+        if isinstance(val, OwnerProperty):
+          owner = getattr(obj, key)
+      if owner is None:
+        raise NotAuthorized()
+    if owner != request.user:
+      raise NotAuthorized()
+
+def only_owner_can_write_except_for_admin(self, request, operation, obj=None,
+                                          model_name=None, prop_name=None):
+  if request.user.is_admin:
+    return True
+  else:
+    return only_owner_can_write(self, request, operation, obj)
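Review bot: `only_owner_can_write` tests `isinstance(val, OwnerProperty)` in its fallback branch, but the only import this section adds to `kay/generics/__init__.py` is `NotAuthorized`. Unless `OwnerProperty` is imported in a part of the file not shown here, an update or delete on a view group whose `owner_attr` is falsy ends in `NameError` rather than an authorization decision, so the import that `crud.py` relied on should move along with the function. The same branch also dereferences `obj`, which defaults to `None`; a guard such as `if obj is None: raise NotAuthorized()` at the top of the `elif` keeps the preset failing closed with the intended exception. The presets are now meant to be shared with the REST view group as well, and the hunk does not show whether that class defines `owner_attr`, so `getattr(self, 'owner_attr', None)` would be the safer read.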

File kay/generics/crud.py

   'delete': "a/delete_$model",
 }
 
-# presets for authorization
-
-def login_required(self, request, operation, obj=None):
-  if request.user.is_anonymous():
-    raise NotAuthorized()
-
-def admin_required(self, request, operation, obj=None):
-  if not request.user.is_admin:
-    raise NotAuthorized()
-
-def only_admin_can_write(self, request, operation, obj=None):
-  if operation == OP_CREATE or operation == OP_UPDATE or \
-        operation == OP_DELETE:
-    if not request.user.is_admin:
-      raise NotAuthorized()
-
-def only_owner_can_write(self, request, operation, obj=None):
-  if operation == OP_CREATE:
-    if request.user.is_anonymous():
-      raise NotAuthorized()
-  elif operation == OP_UPDATE or operation == OP_DELETE:
-    if self.owner_attr:
-      owner = getattr(obj, self.owner_attr)
-    else:
-      owner = None
-      for key, val in obj.fields().iteritems():
-        if isinstance(val, OwnerProperty):
-          owner = getattr(obj, key)
-      if owner is None:
-        raise NotAuthorized()
-    if owner != request.user:
-      raise NotAuthorized()
-
-def only_owner_can_write_except_for_admin(self, request, operation, obj=None):
-  if request.user.is_admin:
-    return True
-  else:
-    return only_owner_can_write(self, request, operation, obj)
 
 class CRUDViewGroup(ViewGroup):
   entities_per_page = 20

File kay/generics/rest.py

 from kay.i18n import lazy_gettext
 from kay.routing import ViewGroup
 
+from kay.generics import (
+  OP_LIST, OP_SHOW, OP_CREATE, OP_UPDATE, OP_DELETE
+)
 
 def get_instance_type_name(value):
     """Returns the name of the type of the given instance."""
     KEY_PROPERTY_TYPE : XSD_PREFIX + ":normalizedString"
     }
 
+
 def parse_date_time(dt_str, dt_format, dt_type, allows_microseconds):
     """Returns a datetime/date/time instance parsed from the given string using the given format info."""
     ms = None
             ret[actual_endpoint] = getattr(self, endpoint)
         return ret
 
+    def authorize(self, request, operation, obj=None, model_name=None,
+                  prop_name=None):
+        """ Raise AuthorizationError when the operation is not
+        permitted.
+        """
+        return True
+
+    def check_authority(self, request, operation, obj=None, model_name=None,
+                        prop_name=None):
+        try:
+            self.authorize(request, operation, obj, model_name, prop_name)
+        except NotAuthorized, e:
+            raise Forbidden("Access not allowed.")
+
     def metadata(self, request, model_name=None):
         impl = minidom.getDOMImplementation()
         doc = None
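Review bot: `check_authority` discards the return value of `self.authorize(...)`, while the base `authorize` added here returns `True` and its docstring names `AuthorizationError`. A subclass that denies by returning `False` is therefore silently allowed, and one that raises anything other than `NotAuthorized` is not translated into `Forbidden`. The docstring should state the real contract, for example `"""Raise NotAuthorized when the operation is not permitted; the return value is ignored."""`, or the call should reject an explicit `False` with `if self.authorize(request, operation, obj, model_name, prop_name) is False: raise NotAuthorized()` inside the `try`. The base implementation permits every operation, so a `RESTViewGroup` subclass that does not set `authorize` is open by default, and the docstring should say so. Imports of `NotAuthorized` and `Forbidden` and the call sites of `check_authority` are not visible in the hunks shown for this file, so both should be confirmed against the full source.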