pywebtools.pyramid.decorators – Decoratorators¶
decorators module contains function decorators for
use with the authentication framework.
Used in view functions.
Checks that the current user is logged in, otherwise redirects to the login page. Requires that the
current_user()decorator is run first.
require_permission(permission=None, class_=None, request_key=None, action=None)¶
Checks whether the current user has the given permission. Supports two modes:
If you provide the
permissionparameter and it will use
has_permission()to check whether the current user has the given permission. If not, it raises
Alternatively if you provide
actionparameters it will run a SQLAlchemy query for the
class_.id == request.matchdict[request_key]. If that returns a result, then it will use the
allowto check whether the current user is allowed to perform the given
action. If not it raises
HTTPUnauthorised. If no result is returned then it will raise
- permission (
str) – The permission to check the user for
- class (
class) – The SQLAlchemy ORM class to use for finding the instance that matches the
- request_key (
str) – The key to use for getting a unique identifier from the
request.matchdictto use in finding an instance of
- action (
str) – The action to check for with the instance of
The decorated function’s return value
- permission (
Provides standardised handling of “unauthorised” redirection. Depending on whether the user is currently logged in, it will set the appropriate error message into the session flash and redirect to the appropriate page. If the user is logged in, it will redirect to the root page or to the
redirect_toURL if specified. If the user is not logged in, it will always redirect to the login page.
- request – The pyramid request
- redirect_to (unicode) – The URL to redirect to, if the user is currently logged in.
- message (
unicode) – The message to show to the user