本文整理汇总了Python中webinterface.PYLOAD.isAuthorized方法的典型用法代码示例。如果您正苦于以下问题:Python PYLOAD.isAuthorized方法的具体用法?Python PYLOAD.isAuthorized怎么用?Python PYLOAD.isAuthorized使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类webinterface.PYLOAD
的用法示例。
在下文中一共展示了PYLOAD.isAuthorized方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: call_api
# 需要导入模块: from webinterface import PYLOAD [as 别名]
# 或者: from webinterface.PYLOAD import isAuthorized [as 别名]
def call_api(func, args=""):
add_header(response)
s = request.environ.get('beaker.session')
auth = parse_auth(request.get_header('Authorization', ''))
# TODO: session as GET
if 'session' in request.POST:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.POST['session'], "'\""))
elif auth:
user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None))
# if auth is correct create a pseudo session
if user: s = {'uid': user.uid}
api = get_user_api(s)
if not api:
return HTTPError(403, dumps("Forbidden"))
if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(401, dumps("Unauthorized"))
args = args.split("/")[1:]
kwargs = {}
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if x == "session": continue
kwargs[x] = unquote(y)
try:
return callApi(api, func, *args, **kwargs)
except ExceptionObject, e:
return HTTPError(400, dumps(e))
示例2: call_api
# 需要导入模块: from webinterface import PYLOAD [as 别名]
# 或者: from webinterface.PYLOAD import isAuthorized [as 别名]
def call_api(func, args=""):
response.headers.replace("Content-type", "application/json")
response.headers.append("Cache-Control", "no-cache, must-revalidate")
s = request.environ.get('beaker.session')
if 'session' in request.POST:
s = s.get_by_id(request.POST['session'])
if not s or not s.get("authenticated", False):
return HTTPError(403, json.dumps("Forbidden"))
if not PYLOAD.isAuthorized(func, {"role": s["role"], "permission": s["perms"]}):
return HTTPError(401, json.dumps("Unauthorized"))
args = args.split("/")[1:]
kwargs = {}
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if x == "session": continue
kwargs[x] = unquote(y)
try:
return callApi(func, *args, **kwargs)
except Exception, e:
print_exc()
return HTTPError(500, json.dumps({"error": e.message, "traceback": format_exc()}))
示例3: call_api
# 需要导入模块: from webinterface import PYLOAD [as 别名]
# 或者: from webinterface.PYLOAD import isAuthorized [as 别名]
def call_api(func, args=""):
add_header(response)
s = request.environ.get('beaker.session')
if 'session' in request.POST:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.POST['session'], "'\""))
api = get_user_api(s)
if not api:
return HTTPError(403, dumps("Forbidden"))
if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(401, dumps("Unauthorized"))
args = args.split("/")[1:]
kwargs = {}
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if x == "session": continue
kwargs[x] = unquote(y)
try:
return callApi(func, *args, **kwargs)
except Exception, e:
print_exc()
return HTTPError(500, dumps({"error": e.message, "traceback": format_exc()}))
示例4: call_api
# 需要导入模块: from webinterface import PYLOAD [as 别名]
# 或者: from webinterface.PYLOAD import isAuthorized [as 别名]
def call_api(func, args=""):
add_json_header(response)
s = request.environ.get('beaker.session')
# Accepts standard http auth
auth = parse_auth(request.get_header('Authorization', ''))
if 'session' in request.POST or 'session' in request.GET:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.params.get('session'), "'\""))
elif auth:
user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get('REMOTE_ADDR', None))
# if auth is correct create a pseudo session
if user: s = {'uid': user.uid}
api = get_user_api(s)
if not api:
return error(401, "Unauthorized")
if not PYLOAD.isAuthorized(func, api.user):
return error(403, "Forbidden")
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return error(404, "Not Found")
# TODO: possible encoding
# TODO Better error codes on invalid input
args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
kwargs = {}
# accepts body as json dict
if request.json:
kwargs = request.json
# file upload, reads whole file into memory
for name, f in request.files.iteritems():
kwargs["filename"] = f.filename
content = StringIO()
f.save(content)
kwargs[name] = content.getvalue()
content.close()
# convert arguments from json to obj separately
for x, y in request.params.iteritems():
try:
if not x or not y or x == "session": continue
kwargs[x] = loads(unquote(y))
except Exception, e:
# Unsupported input
msg = "Invalid Input %s, %s : %s" % (x, y, e.message)
print_exc()
print msg
return error(415, msg)
示例5: call_api
# 需要导入模块: from webinterface import PYLOAD [as 别名]
# 或者: from webinterface.PYLOAD import isAuthorized [as 别名]
def call_api(func, args=""):
add_header(response)
s = request.environ.get("beaker.session")
# Accepts standard http auth
auth = parse_auth(request.get_header("Authorization", ""))
if "session" in request.POST or "session" in request.GET:
# removes "' so it works on json strings
s = s.get_by_id(remove_chars(request.params.get("session"), "'\""))
elif auth:
user = PYLOAD.checkAuth(auth[0], auth[1], request.environ.get("REMOTE_ADDR", None))
# if auth is correct create a pseudo session
if user:
s = {"uid": user.uid}
api = get_user_api(s)
if not api:
return HTTPError(401, dumps("Unauthorized"), **response.headers)
if not PYLOAD.isAuthorized(func, api.user):
return HTTPError(403, dumps("Forbidden"), **response.headers)
if not hasattr(PYLOAD.EXTERNAL, func) or func.startswith("_"):
print "Invalid API call", func
return HTTPError(404, dumps("Not Found"), **response.headers)
# TODO: possible encoding
# TODO Better error codes on invalid input
args = [loads(unquote(arg)) for arg in args.split("/")[1:]]
kwargs = {}
# accepts body as json dict
if request.json:
kwargs = request.json
# convert arguments from json to obj separately
for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
if not x or not y or x == "session":
continue
kwargs[x] = loads(unquote(y))
try:
result = getattr(api, func)(*args, **kwargs)
# null is invalid json response
if result is None:
result = True
return dumps(result)
except ExceptionObject, e:
return HTTPError(400, dumps(e), **response.headers)