Update docs and demo with login required, has permission (#128)

* Work on * Update docs with login_required and has_permission
2018-01-24 12:29:20 +02:00
parent f9628b0ac1
commit 1679f6713b
6 changed files with 84 additions and 108 deletions
--- a/demo/database_auth/handlers.py
+++ b/demo/database_auth/handlers.py
@@ -1,42 +1,31 @@
-import functools
+from textwrap import dedent

 from aiohttp import web

-from aiohttp_security import remember, forget, authorized_userid, permits
+from aiohttp_security import (
+    remember, forget, authorized_userid,
+    has_permission, login_required,
+)

 from .db_auth import check_credentials


-def require(permission):
-    def wrapper(f):
-        @functools.wraps(f)
-        async def wrapped(self, request):
-            has_perm = await permits(request, permission)
-            if not has_perm:
-                message = 'User has no permission {}'.format(permission)
-                raise web.HTTPForbidden(body=message.encode())
-            return await f(self, request)
-        return wrapped
-    return wrapper
-
-
 class Web(object):
-    index_template = """
-<!doctype html>
-<head>
-</head>
-<body>
-<p>{message}</p>
-<form action="/login" method="post">
-  Login:
-  <input type="text" name="login">
-  Password:
-  <input type="password" name="password">
-  <input type="submit" value="Login">
-</form>
-<a href="/logout">Logout</a>
-</body>
-"""
+    index_template = dedent("""
+        <!doctype html>
+            <head></head>
+            <body>
+                <p>{message}</p>
+                <form action="/login" method="post">
+                  Login:
+                  <input type="text" name="login">
+                  Password:
+                  <input type="password" name="password">
+                  <input type="submit" value="Login">
+                </form>
+                <a href="/logout">Logout</a>
+            </body>
+    """)

    async def index(self, request):
        username = await authorized_userid(request)
@@ -61,19 +50,19 @@ class Web(object):
        return web.HTTPUnauthorized(
            body=b'Invalid username/password combination')

-    @require('public')
+    @login_required
    async def logout(self, request):
        response = web.Response(body=b'You have been logged out')
        await forget(request, response)
        return response

-    @require('public')
+    @has_permission('public')
    async def internal_page(self, request):
        response = web.Response(
            body=b'This page is visible for all registered users')
        return response

-    @require('protected')
+    @has_permission('protected')
    async def protected_page(self, request):
        response = web.Response(body=b'You are on protected page')
        return response