Here is an example of a custom AuthenticationPolicy, based off of the native AuthTktAuthenticationPolicy, but with added groups support. This example implies you have a user attribute on your request (see Making A “User Object” Available as a Request Attribute) and that the user should have a groups relation on it:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | from pyramid.authentication import AuthTktCookieHelper
from pyramid.security import Everyone, Authenticated
class MyAuthenticationPolicy(object):
def __init__(self, settings):
self.cookie = AuthTktCookieHelper(
settings.get('auth.secret'),
cookie_name=settings.get('auth.token') or 'auth_tkt',
secure=asbool(settings.get('auth.secure')),
timeout=asint(settings.get('auth.timeout')),
reissue_time=asint(settings.get('auth.reissue_time')),
max_age=asint(settings.get('auth.max_age')),
)
def remember(self, request, principal, **kw):
return self.cookie.remember(request, principal, **kw)
def forget(self, request):
return self.cookie.forget(request)
def unauthenticated_userid(self, request):
result = self.cookie.identify(request)
if result:
return result['userid']
def authenticated_userid(self, request):
if request.user:
return request.user.id
def effective_principals(self, request):
principals = [Everyone]
user = request.user
if user:
principals += [Authenticated, 'u:%s' % user.id]
principals.extend(('g:%s' % g.name for g in user.groups))
return principals
|
Thanks to raydeo for this one.