授权的最后一步是允许某些观点使用矫正器(或添加_route)。 如果我们加入《欧洲刑法》允许的话——以观点看待——然后一页: 观众可以看到该页(供人浏览的网页)。
basic_authentication.py
import binascii
from zope.interface import implements
from paste.httpheaders import AUTHORIZATION
from paste.httpheaders import WWW_AUTHENTICATE
from pyramid.interfaces import IAuthenticationPolicy
from pyramid.security import Everyone
from pyramid.security import Authenticated
import yaml
def mycheck(credentials, request):
login = credentials[ login ]
password = credentials[ password ]
USERS = { user1 : pass1 ,
user2 : pass2 }
GROUPS = { user1 :[ group:viewers ],
user2 :[ group:editors ]}
if login in USERS and USERS[login] == password:
return GROUPS.get(login, [])
else:
return None
def _get_basicauth_credentials(request):
authorization = AUTHORIZATION(request.environ)
try:
authmeth, auth = authorization.split( , 1)
except ValueError: # not enough values to unpack
return None
if authmeth.lower() == basic :
try:
auth = auth.strip().decode( base64 )
except binascii.Error: # can t decode
return None
try:
login, password = auth.split( : , 1)
except ValueError: # not enough values to unpack
return None
return { login :login, password :password}
return None
class BasicAuthenticationPolicy(object):
""" A :app:`Pyramid` :term:`authentication policy` which
obtains data from basic authentication headers.
Constructor Arguments
``check``
A callback passed the credentials and the request,
expected to return None if the userid doesn t exist or a sequence
of group identifiers (possibly empty) if the user does exist.
Required.
``realm``
Default: ``Realm``. The Basic Auth realm string.
"""
implements(IAuthenticationPolicy)
def __init__(self, check, realm= Realm ):
self.check = check
self.realm = realm
def authenticated_userid(self, request):
credentials = _get_basicauth_credentials(request)
if credentials is None:
return None
userid = credentials[ login ]
if self.check(credentials, request) is not None: # is not None!
return userid
def effective_principals(self, request):
effective_principals = [Everyone]
credentials = _get_basicauth_credentials(request)
if credentials is None:
return effective_principals
userid = credentials[ login ]
groups = self.check(credentials, request)
if groups is None: # is None!
return effective_principals
effective_principals.append(Authenticated)
effective_principals.append(userid)
effective_principals.extend(groups)
return effective_principals
def unauthenticated_userid(self, request):
creds = self._get_credentials(request)
if creds is not None:
return creds[ login ]
return None
def remember(self, request, principal, **kw):
return []
def forget(self, request):
head = WWW_AUTHENTICATE.tuples( Basic realm="%s" % self.realm)
return head
我的项目__init__.py
from pyramid.config import Configurator
from myproject.resources import Root
from myproject.basic_authentication import BasicAuthenticationPolicy, mycheck
from pyramid.authorization import ACLAuthorizationPolicy
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
config = Configurator(root_factory= myproject.models.RootFactory ,
settings=settings,
authentication_policy=BasicAuthenticationPolicy(mycheck),
authorization_policy=ACLAuthorizationPolicy(),
)
config.add_static_view( static , myproject:static , cache_max_age=3600)
config.add_route( view_page , /view )
config.add_route( edit_page , /edit )
config.scan()
app = config.make_wsgi_app()
return app
模式。 y
from pyramid.security import Allow
class RootFactory(object):
__acl__ = [ (Allow, group:viewers , view ),
(Allow, group:editors , edit ) ]
def __init__(self, request):
pass
意见。 y
from pyramid.security import authenticated_userid
from pyramid.view import view_config
#def my_view(request):
# return render_to_response( templates/simple.pt , {})
@view_config(route_name= view_page , renderer= templates/view.pt , permission= view )
def view_page(request):
return {}
@view_config(route_name= edit_page , renderer= templates/edit.pt , permission= edit )
def edit_page(request):
return {}
