soter/soter/views/session.py


from pyramid.security import authenticated_userid, forget, remember
from pyramid.view import view_config
from webob import Response
from webob.exc import HTTPFound
from soter import rolefinder
from soter.models.auth import User, Permission
from soter.models.validation_exception import TryCatchFunction
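@view_config(route_name='v1_auth', renderer='json')
def user_permission(request):
    """Return the caller's authentication state and permission map as JSON.

    Response shape: ``{'isAuthenticated': bool, 'permissions': {name: bool}}``,
    plus ``name`` and ``id`` when the caller is authenticated. The map is built
    from ``rolefinder`` over every ``Permission.list()`` entry and cached in
    ``request.session['auth']``.

    The cache is only reused when it belongs to the currently authenticated
    principal. Without that check a second login as a different user (no
    logout in between) would keep serving the previous user's permissions,
    because ``login`` replaces the auth cookie but not the session entry.

    NOTE: the cached map is not refreshed until logout or session expiry, so
    a role change made elsewhere is not visible to an already-open session.
    """
    user_id = authenticated_userid(request)
    if user_id is None:
        return {'isAuthenticated': False, 'permissions': {}}

    cached = request.session.get('auth')
    # Compare as str: login() remembers str(user.id) while the cached 'id'
    # is the raw user.id, which may not be a string.
    if isinstance(cached, dict) and str(cached.get('id')) == str(user_id):
        return cached

    user = User.by_id(user_id)
    if user is None:
        # The auth cookie names a principal that no longer resolves (e.g. a
        # deleted account). Drop any stale cache and answer "not
        # authenticated" instead of raising on ``user.name`` below.
        request.session.pop('auth', None)
        return {'isAuthenticated': False, 'permissions': {}}

    granted = rolefinder(user.id, request)
    auth = {
        'isAuthenticated': True,
        'name': user.name,
        'id': user.id,
        'permissions': {
            item.name: item.name in granted for item in Permission.list()
        },
    }
    request.session['auth'] = auth
    return auth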
@view_config(route_name='logout')
def logout(request):
    """Invalidate the session, clear the auth cookie and redirect to 'home'.

    ``forget`` supplies the headers that expire the authentication cookie;
    invalidating the session also drops the cached ``'auth'`` permission map
    kept there by the other views in this module.

    NOTE(review): unlike ``login``, this view has no ``request_method``
    restriction, so a cross-site GET can log the user out (logout CSRF).
    """
    request.session.invalidate()
    return HTTPFound(
        location=request.route_url('home'),
        headers=forget(request),
    )
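@view_config(request_method='POST', route_name='v1_login', renderer='json')
@TryCatchFunction
def login(request):
    """Authenticate a JSON ``{"username": ..., "password": ...}`` body.

    On success the ``remember`` headers are appended to ``request.response``
    (the original replaced the whole header list, discarding anything already
    set on the response), any ``'auth'`` cached for a previously logged-in
    principal is dropped, the fresh auth map is cached in the session, and the
    same ``{'isAuthenticated', 'name', 'id', 'permissions'}`` dict that
    ``user_permission`` returns is sent back as JSON.

    On failure a plain-text 403 "Login failed" is returned; the message is
    deliberately identical for an unknown user and a wrong password so the
    endpoint does not leak which usernames exist.

    Missing or non-string credentials are rejected before ``User.auth`` is
    called, so malformed JSON values never reach the password comparison.
    """
    body = request.json_body
    if not isinstance(body, dict):
        # A JSON array/scalar body has no credentials; treat it as a failure
        # rather than letting .get() raise.
        username = password = None
    else:
        username = body.get('username', None)
        password = body.get('password', None)

    found, user = False, None
    if isinstance(username, str) and username and isinstance(password, str) and password:
        found, user = User.auth(username, password)

    if not found:
        response = Response("Login failed")
        response.status_int = 403
        return response

    # Authentication state lives in the auth cookie, not the session, so the
    # session is only cleared of the permission cache here. If sensitive data
    # is ever stored in the session, rotate it (session.invalidate()) on login.
    request.session.pop('auth', None)

    # Extend rather than assign: keep headers already present on the response.
    request.response.headerlist.extend(remember(request, str(user.id)))
    request.response.content_type = 'application/json'
    request.response.charset = 'utf8'

    granted = rolefinder(user.id, request)
    auth = {
        'isAuthenticated': True,
        'name': user.name,
        'id': user.id,
        'permissions': {
            item.name: item.name in granted for item in Permission.list()
        },
    }
    request.session['auth'] = auth
    return auth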