CPI
/
ordr2
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
CPI Ordering System (the old version)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.
73 Commits
3 Branches
0 Tags
2.2 MiB
 
 
 
 
 
Tree: c6bdf65223
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c6bdf65223'
${ noResults }
ordr2/ordr2/resources/account.py

103 lines
3.4 KiB
Raw Blame History

''' Resources for account registraion and settings '''
from datetime import datetime
from pyramid.security import Allow, Authenticated, Everyone, Deny, DENY_ALL
from ordr2.models.account import Token, TokenSubject
from ordr2.resources.base import BaseResource
class RegistrationToken(BaseResource):
''' representing :class:`ordr2.models.account.Token` for registration '''
def __acl__(self):
''' access controll list for the resource '''
return [
(Deny, Authenticated, 'register'),
(Allow, Everyone, 'register'),
DENY_ALL
]
class EmailVerificationToken(BaseResource):
''' representing :class:`ordr2.models.account.Token` for email change '''
def __acl__(self):
''' access controll list for the resource
a logged in user might only access his own tokens
'''
# self.model is a :class:`ordr2.models.account.Token` instance
return [
(Allow, self.model.owner.principal, 'settings'),
DENY_ALL
]
class ForgottenPasswordToken(BaseResource):
''' representing :class:`ordr2.models.account.Token` for password reset '''
def __acl__(self):
''' access controll list for the resource '''
return [
(Allow, Everyone, 'reset password'),
DENY_ALL
]
class AccountResource(BaseResource):
''' Resouce class for account registration and settings '''
#: name of the main navigation section for template highlighting
nav_section = 'account'
#: mapping token subjects to token resouce classes
token_resources = {
TokenSubject.USER_REGISTRATION: RegistrationToken,
TokenSubject.CHANGE_EMAIL: EmailVerificationToken,
TokenSubject.RESET_PASSWORD: ForgottenPasswordToken
}
def __init__(self, name, parent, model=None):
''' Create a base resource '''
# the current model is the current logged in user or None
super().__init__(name, parent, parent.request.user)
def __acl__(self):
''' access controll list for the resource
- everyone can log in our log out
- authenticated users can change their settings
- unauthenticated users can register
'''
return [
(Allow, Everyone, 'login'),
(Allow, Everyone, 'logout'),
(Deny, Authenticated, 'register'),
(Allow, Everyone, 'register'),
(Allow, Everyone, 'reset password'),
(Allow, Authenticated, 'settings'),
DENY_ALL
]
def __getitem__(self, key):
''' provides the dict like interface to access child resources
:param str key:
token hash or path segment for a child resource
:rtype:
subclass of ordr2.resources.base.BaseResource
:raises:
KeyError if token hash or path segment is not found
'''
token = self.request.dbsession.query(Token).filter_by(hash=key).first()
if token is None:
# no token found, search for child node
return super().__getitem__(key)
elif token.expires < datetime.utcnow():
# token has expired, delete it
self.request.dbsession.delete(token)
raise KeyError(f'Token {key} has expired on {token.expires}')
resource_class = self.token_resources[token.subject]
return resource_class(key, self, model=token)