From 7043b24377babf5c90ff3a304335c2f315c46233 Mon Sep 17 00:00:00 2001 From: Sick Yoon Date: Thu, 12 May 2016 20:14:00 +0900 Subject: [PATCH] removing authorized_userid() method and added decorator --- aiohttp_security/abc.py | 10 ---------- aiohttp_security/api.py | 37 ++++++++++++++++++++++++++++++++----- 2 files changed, 32 insertions(+), 15 deletions(-) diff --git a/aiohttp_security/abc.py b/aiohttp_security/abc.py index b1f9f2a..4b9bb71 100644 --- a/aiohttp_security/abc.py +++ b/aiohttp_security/abc.py @@ -44,13 +44,3 @@ class AbstractAuthorizationPolicy(metaclass=abc.ABCMeta): current context, else return False. """ pass - - @asyncio.coroutine - @abc.abstractmethod - def authorized_userid(self, identity): - """Retrieve authorized user id. - - Return the user_id of the user identified by the identity - or 'None' if no user exists related to the identity. - """ - pass diff --git a/aiohttp_security/api.py b/aiohttp_security/api.py index 831f8de..30d87be 100644 --- a/aiohttp_security/api.py +++ b/aiohttp_security/api.py @@ -1,4 +1,5 @@ import asyncio +import functools from aiohttp import web from aiohttp_security.abc import (AbstractIdentityPolicy, AbstractAuthorizationPolicy) @@ -7,6 +8,25 @@ IDENTITY_KEY = 'aiohttp_security_identity_policy' AUTZ_KEY = 'aiohttp_security_autz_policy' +def authorize(required=True): + def wrapper(f): + @asyncio.coroutine + @functools.wraps(f) + def wrapped(**kwargs): + assert 'request' in kwargs + if asyncio.iscoroutinefunction(f): + coro = f + else: + coro = asyncio.coroutine(f) + identity = yield from get_user_identity(kwargs['request']) + if not identity and not required: + raise web.HTTPForbidden() + return (yield from coro(identity=identity, **kwargs)) + return wrapped + return wrapper + + + @asyncio.coroutine def remember(request, response, identity, **kwargs): """Remember identity into response. 
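Review bot: The guard in `wrapped`, `if not identity and not required:`, is inverted: with the default `required=True` a request that carries no identity falls through to the decorated handler, and only `required=False` yields the 403. The condition should read `if not identity and required:` so the decorator fails closed. `get_user_identity`, added later in this patch, also returns None when no identity policy is registered, so an unconfigured app takes the same pass-through path. Separately, `assert 'request' in kwargs` is stripped under `python -O` and `wrapped(**kwargs)` raises TypeError if the request is passed positionally; an explicit check that raises a clear error would be more robust, and `authorize` needs a docstring stating that it injects `identity` as a keyword argument.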
@@ -47,6 +67,16 @@ def forget(request, response): yield from identity_policy.forget(request, response) +@asyncio.coroutine +def get_user_identity(request): + identity_policy = request.app.get(IDENTITY_KEY) + if identity_policy is None: + return None + identity = yield from identity_policy.identify(request) + return identity +authorized_userid method in AbstractAuthorizationPolicy required? + +''' @asyncio.coroutine def authorized_userid(request): identity_policy = request.app.get(IDENTITY_KEY) @@ -58,18 +88,15 @@ def authorized_userid(request): return None # non-registered user has None user_id user_id = yield from autz_policy.authorized_userid(identity) return user_id +''' @asyncio.coroutine def permits(request, permission, context=None): assert isinstance(permission, str), permission assert permission - identity_policy = request.app.get(IDENTITY_KEY) autz_policy = request.app.get(AUTZ_KEY) - if identity_policy is None or autz_policy is None: - return True - identity = yield from identity_policy.identify(request) - # non-registered user still may has some permissions + identity = yield from get_user_identity(request) access = yield from autz_policy.permits(identity, permission, context) return access
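Review bot: The added line `authorized_userid method in AbstractAuthorizationPolicy required?` directly after `get_user_identity` is bare prose at module level, so `aiohttp_security/api.py` no longer parses and importing it fails with a SyntaxError. If it is an open question for reviewers it should be a comment, e.g. `# TODO: is authorized_userid still needed on AbstractAuthorizationPolicy?`. The `'''` opened here quotes out the old `authorized_userid` (its body and the closing `'''` are in the next hunk), leaving dead code that calls the abstract method this commit deletes from abc.py; removing the function outright would be clearer. `get_user_identity` would also benefit from a one-line docstring saying it returns None both for anonymous requests and when no identity policy is registered, since callers cannot tell the two apart.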
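Review bot: `permits` now calls `autz_policy.permits(...)` with the `is None` guard removed, so an app with no authorization policy registered raises AttributeError on None instead of returning a decision. The removed guard returned True in that case, which failed open, so it should be replaced rather than restored, with a fail-closed check such as `if autz_policy is None: return False` placed before the `identity = yield from get_user_identity(request)` line. Because `get_user_identity` returns None when the identity policy is missing, the policy now sees `identity=None` for both anonymous and misconfigured requests, which deserves a comment at the call. The two `assert` lines that validate `permission` are stripped under `python -O`, so they do not protect this check in optimized deployments.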