Add login_required decorator

2017-02-06 01:11:32 +02:00
parent 6e4355ce3c
commit 19d7ee7b06
3 changed files with 42 additions and 22 deletions
--- a/aiohttp_security/init.py
+++ b/aiohttp_security/init.py
@@ -1,5 +1,12 @@
 from .abc import AbstractIdentityPolicy, AbstractAuthorizationPolicy
-from .api import remember, forget, setup, authorized_userid, permits
+from .api import (
+    authorized_userid,
+    forget,
+    login_required,
+    permits,
+    remember,
+    setup,
+)
 from .cookies_identity import CookiesIdentityPolicy
 from .session_identity import SessionIdentityPolicy

@@ -10,4 +17,4 @@ __version__ = '0.1.1'
 __all__ = ('AbstractIdentityPolicy', 'AbstractAuthorizationPolicy',
           'CookiesIdentityPolicy', 'SessionIdentityPolicy',
           'remember', 'forget', 'authorized_userid',
-           'permits', 'setup')
+           'permits', 'setup', 'login_required')
--- a/aiohttp_security/api.py
+++ b/aiohttp_security/api.py
@@ -1,3 +1,5 @@
+from functools import wraps
+
 import asyncio
 from aiohttp import web
 from aiohttp_security.abc import (AbstractIdentityPolicy,
@@ -5,6 +7,7 @@ from aiohttp_security.abc import (AbstractIdentityPolicy,

 IDENTITY_KEY = 'aiohttp_security_identity_policy'
 AUTZ_KEY = 'aiohttp_security_autz_policy'
+AUTZ_REDIRECT_URL = 'aiohttp_security_autz_redirect_url'


@asyncio.coroutine
@@ -74,9 +77,29 @@ def permits(request, permission, context=None):
    return access


-def setup(app, identity_policy, autz_policy):
+def setup(app, identity_policy, autz_policy, redirect_url=None):
    assert isinstance(identity_policy, AbstractIdentityPolicy), identity_policy
    assert isinstance(autz_policy, AbstractAuthorizationPolicy), autz_policy

    app[IDENTITY_KEY] = identity_policy
    app[AUTZ_KEY] = autz_policy
+
+    if redirect_url:
+        app[AUTZ_REDIRECT_URL] = redirect_url
+
+
+def login_required(permission):
+    def wrapper(handler):
+        @asyncio.coroutine
+        @wraps(handler)
+        def wrapped(request):
+            has_perm = yield from permits(request, permission)
+            if not has_perm:
+                redirect_url = request.app.get(AUTZ_REDIRECT_URL)
+                if redirect_url:
+                    return web.HTTPFound(redirect_url)
+                raise web.HTTPForbidden()
+            response = yield from handler(request)
+            return response
+        return wrapped
+    return wrapper