wuttaweb.auth

Auth Utility Logic

class wuttaweb.auth.WuttaSecurityPolicy(db_session=None)

Pyramid security policy for WuttaWeb.

For more on the Pyramid details, see Security.

But the idea here is that you should be able to just use this, without thinking too hard:

from pyramid.config import Configurator
from wuttaweb.auth import WuttaSecurityPolicy

pyramid_config = Configurator()
pyramid_config.set_security_policy(WuttaSecurityPolicy())

This security policy will then do the following:

  • use the request “web session” for auth storage (e.g. current user.uuid)

  • check permissions as needed, by calling has_permission() for current user

Parameters:

db_session – Optional db session to use, instead of wuttaweb.db.sess.Session. Probably only useful for tests.

wuttaweb.auth.add_permission(pyramid_config, groupkey, key, label=None)

Pyramid directive to add a single “permission” to the app’s awareness.

The app must be made aware of all permissions, so they are exposed when editing a Role. The logic for discovering permissions is in get_available_permissions().

This is usually called from within a master view’s defaults() to establish “known” permissions based on master view feature flags (viewable, editable, etc.).

A simple example of usage:

pyramid_config.add_permission('widgets', 'widgets.polish',
                              label="Polish all the widgets")

Parameters:
  • groupkey – Unique key for the permission group. In the context of a master view, this will be the same as permission_prefix.

  • key – Unique key for the permission. This should be the “complete” permission name which includes the permission prefix.

  • label – Optional label for the permission. If not specified, it is derived from key.

See also add_permission_group().

wuttaweb.auth.add_permission_group(pyramid_config, groupkey, label=None, overwrite=True)

Pyramid directive to add a “permission group” to the app’s awareness.

The app must be made aware of all permissions, so they are exposed when editing a Role. The logic for discovering permissions is in get_available_permissions().

This is usually called from within a master view’s defaults() to establish the permission group which applies to the view model.

A simple example of usage:

pyramid_config.add_permission_group('widgets', label="Widgets")

Parameters:
  • groupkey – Unique key for the permission group. In the context of a master view, this will be the same as permission_prefix.

  • label – Optional label for the permission group. If not specified, it is derived from groupkey.

  • overwrite – If the permission group was already established, this flag controls whether the group’s label should be overwritten (with label).

See also add_permission().
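To make concrete what these two directives make the app "aware" of, and what get_available_permissions() hands to a Role editor, here is a stand-in permission registry. This is an added example, not wuttaweb's own code: the nested-dict layout, the label-derivation rule, the prefix check in add_permission(), and the register_master_view() helper with its list/view/create/edit/delete keys and feature-flag names are all this example's own assumptions about how a master view's defaults() might drive registration.

```python
# Added example (not wuttaweb's code): a stand-in registry showing what
# add_permission_group() / add_permission() make the app "aware" of and what a
# Role editor reads back via get_available_permissions(). The nested-dict layout,
# the label-derivation rule and the prefix check are this example's own choices.


def derive_label(key):
    """'widgets.polish' -> 'Polish', 'widget_types' -> 'Widget types' (assumed rule)."""
    return key.rsplit(".", 1)[-1].replace("_", " ").capitalize()


class PermissionRegistry:
    """groupkey -> {'label': str, 'perms': {key: label}}, in place of app settings."""

    def __init__(self):
        self.groups = {}

    def add_permission_group(self, groupkey, label=None, overwrite=True):
        group = self.groups.get(groupkey)
        if group is None:
            group = self.groups[groupkey] = {"label": label or derive_label(groupkey), "perms": {}}
        elif overwrite and label is not None:
            group["label"] = label  # a later label wins only when the caller asks for it
        return group

    def add_permission(self, groupkey, key, label=None):
        # The page says key is the "complete" name including the prefix; this example
        # enforces that so a permission can never be filed under the wrong group.
        if not key.startswith(groupkey + "."):
            raise ValueError(f"{key!r} does not carry the group prefix {groupkey!r}")
        # Creating the group implicitly must not clobber a label set elsewhere.
        group = self.add_permission_group(groupkey, overwrite=False)
        group["perms"][key] = label or derive_label(key)

    def get_available_permissions(self):
        """Sorted, plain-data view of everything registered, for a Role editor."""
        return {
            gk: {"label": g["label"], "perms": dict(sorted(g["perms"].items()))}
            for gk, g in sorted(self.groups.items())
        }


def register_master_view(registry, prefix, model_title, listable=True, viewable=True,
                         creatable=True, editable=True, deletable=False):
    """Mimics what a master view's defaults() does from its feature flags.
    The flag names and the list/view/create/edit/delete keys are assumptions."""
    registry.add_permission_group(prefix, label=model_title)
    flags = [("list", listable, f"List / search {model_title}"),
             ("view", viewable, f"View {model_title}"),
             ("create", creatable, f"Create new {model_title}"),
             ("edit", editable, f"Edit {model_title}"),
             ("delete", deletable, f"Delete {model_title}")]
    for suffix, enabled, label in flags:
        if enabled:
            registry.add_permission(prefix, f"{prefix}.{suffix}", label=label)


def demo():
    reg = PermissionRegistry()
    # The page's own example: the group does not exist yet, so it is auto-created
    # with a label derived from the key ("Widgets").
    reg.add_permission("widgets", "widgets.polish", label="Polish all the widgets")
    # A custom permission registered before its master view: group label is derived
    # ("Widget types") and the permission label too ("Archive").
    reg.add_permission("widget_types", "widget_types.archive")
    # The master view then registers the group with an explicit label; the default
    # overwrite=True replaces the derived one.
    register_master_view(reg, "widget_types", "Widget Types", deletable=False)
    # A later registration with overwrite=False must leave that label alone.
    reg.add_permission_group("widget_types", label="Kinds", overwrite=False)
    return reg.get_available_permissions()
```

Running demo() yields two groups; "widget_types" keeps the label "Widget Types", carries no "widget_types.delete" entry because the view was registered with deletable=False, and a permission whose key does not start with its group prefix is rejected outright.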

wuttaweb.auth.login_user(request, user)

Perform the steps necessary to “login” the given user. This returns headers which you should pass to the final redirect, like so:

from pyramid.httpexceptions import HTTPFound

headers = login_user(request, user)
return HTTPFound(location='/', headers=headers)

Warning

This logic does not “authenticate” the user! It assumes the caller has already authenticated the user (e.g. verified their password) and that they are safe to log in. Never call it with a user chosen from unverified request input.

See also logout_user().

wuttaweb.auth.logout_user(request)

Perform the logout action for the given request. This returns headers which you should pass to the final redirect, like so:

from pyramid.httpexceptions import HTTPFound

headers = logout_user(request)
return HTTPFound(location='/', headers=headers)

See also login_user().
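The following is an added example, not wuttaweb's own code, that ties together the two behaviours described for WuttaSecurityPolicy (identity kept in the web session, permissions checked through has_permission()) and the login_user()/logout_user() flow with its warning: the password check happens before login_user(), never inside it. Pyramid is deliberately not imported so the block runs offline; FakeRequest, Directory, SessionSecurityPolicy, Result, the "userid" session key, the PBKDF2 scheme and the inactive-user check are all this example's own stand-ins, and the headers returned are an empty list in the manner of Pyramid's remember()/forget() (the session cookie carries the identity).

```python
# Added example (not wuttaweb's code): a session-backed Pyramid-style security
# policy with the login/logout flow around it. Pyramid is not imported so this
# runs offline; FakeRequest and Result stand in for the request and Allowed/Denied.
import hashlib
import hmac
import os
import uuid

PBKDF2_ROUNDS = 100_000  # kept modest so the example runs fast; tune for production


class Result:
    """Stand-in for pyramid.security.Allowed/Denied: truthiness carries the verdict."""
    def __init__(self, allowed, msg):
        self.allowed, self.msg = allowed, msg

    def __bool__(self):
        return self.allowed


class User:
    """Constructed sample user; the password is stored only as a salted PBKDF2 hash."""
    def __init__(self, username, password, permissions=()):
        self.uuid = uuid.uuid4().hex
        self.username, self.active = username, True
        self.salt = os.urandom(16)
        self.digest = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, PBKDF2_ROUNDS)
        self.permissions = frozenset(permissions)


class Directory:
    """Stand-in for the db session: lookups, credential check, permission check."""
    def __init__(self, users):
        self._by_uuid = {u.uuid: u for u in users}
        self._by_name = {u.username: u for u in users}

    def get(self, user_uuid):
        return self._by_uuid.get(user_uuid)

    def authenticate(self, username, password):
        """The step login_user() does NOT do: verify the password, in constant time."""
        user = self._by_name.get(username)
        if user is None or not user.active:
            return None
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user.salt, PBKDF2_ROUNDS)
        return user if hmac.compare_digest(candidate, user.digest) else None

    def has_permission(self, user, permission):
        """Default deny: anonymous or inactive users get nothing."""
        return user is not None and user.active and permission in user.permissions


class FakeRequest:
    """Only what the policy needs from a Pyramid request: a dict-like web session."""
    def __init__(self):
        self.session = {}


class SessionSecurityPolicy:
    """The five-method Pyramid security-policy protocol, backed by the web session."""
    def __init__(self, db_session):
        self.db_session = db_session

    def identity(self, request):
        user_uuid = request.session.get("userid")
        user = self.db_session.get(user_uuid) if user_uuid else None
        return user if user is not None and user.active else None  # re-checked per request

    def authenticated_userid(self, request):
        user = self.identity(request)
        return user.uuid if user else None

    def remember(self, request, userid, **kw):
        request.session["userid"] = userid
        return []  # the session cookie carries the identity; no extra headers needed

    def forget(self, request, **kw):
        request.session.pop("userid", None)
        return []

    def permits(self, request, context, permission):
        user = self.identity(request)
        return Result(self.db_session.has_permission(user, permission), permission)


def login_user(policy, request, user):
    """Mirrors the page's login_user(): the caller must have authenticated already."""
    return policy.remember(request, user.uuid)


def logout_user(policy, request):
    return policy.forget(request)


def demo():
    """Walk the flow and return observations so they can be checked."""
    db = Directory([User("alice", "correct horse", {"widgets.polish"})])
    policy, request = SessionSecurityPolicy(db), FakeRequest()
    out = {"anon_polish": bool(policy.permits(request, None, "widgets.polish"))}
    out["bad_password_accepted"] = db.authenticate("alice", "wrong") is not None
    alice = db.authenticate("alice", "correct horse")
    login_user(policy, request, alice)
    out["userid_after_login"] = policy.authenticated_userid(request) == alice.uuid
    out["polish_after_login"] = bool(policy.permits(request, None, "widgets.polish"))
    out["delete_after_login"] = bool(policy.permits(request, None, "widgets.delete"))
    alice.active = False  # deactivating the account must cut off a live session
    out["userid_when_inactive"] = policy.authenticated_userid(request)
    alice.active = True
    logout_user(policy, request)
    out["userid_after_logout"] = policy.authenticated_userid(request)
    return out
```

The point to take from demo(): an anonymous request is denied everything, a wrong password never reaches login_user(), a logged-in user gets exactly the permissions has_permission() grants, and because identity() re-reads the user on every request, deactivating the account (or logging out) revokes access immediately rather than at cookie expiry.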