Add couple assertions and short-cut

2015-11-20 13:39:10 +02:00 · 2015-11-20 13:39:10 +02:00 · ebf4fd9375
parent 52d5513838
commit ebf4fd9375
1 changed files with 5 additions and 0 deletions
--- a/aiohttp_security/api.py
+++ b/aiohttp_security/api.py
@ -17,6 +17,7 @@ def remember(request, response, identity, **kwargs):
    pushed into custom header also.
    """
    assert isinstance(identity, str), identity
+    assert identity
    identity_policy = request.app.get(IDENTITY_KEY)
    if identity_policy is None:
        text = ("Security subsystem is not initialized, "
@ -53,6 +54,8 @@ def authorized_userid(request):
    if identity_policy is None or autz_policy is None:
        return None
    identity = yield from identity_policy.identify(request)
+    if identity is None:
+        return None  # non-registered user has None user_id
    user_id = yield from autz_policy.authorized_userid(identity)
    return user_id

@ -60,11 +63,13 @@ def authorized_userid(request):
@asyncio.coroutine
 def permits(request, permission, context=None):
    assert isinstance(permission, str), permission
+    assert permission
    identity_policy = request.app.get(IDENTITY_KEY)
    autz_policy = request.app.get(AUTZ_KEY)
    if identity_policy is None or autz_policy is None:
        return True
    identity = yield from identity_policy.identify(request)
+    # non-registered user still may has some permissions
    access = yield from autz_policy.permits(identity, permission, context)
    return access