Implement administrator mode

[invirt/packages/invirt-web.git] / code / view.py

diff --git a/code/view.py b/code/view.py
index 38569ed..d15d53f 100644 (file)
--- a/code/view.py
+++ b/code/view.py
@@ -5,6 +5,8 @@ from mako.template import Template
 from mako.lookup import TemplateLookup
 import simplejson
 import datetime, decimal
+from invirt.config import structs as config
+from webcommon import State
 
 class MakoHandler(cherrypy.dispatch.LateParamPageHandler):
     """Callable which sets response.body."""
@@ -27,7 +29,8 @@ class MakoLoader(object):
         self.lookups = {}
     
     def __call__(self, filename, directories, module_directory=None,
-                 collection_size=-1, content_type='text/html; charset=utf-8'):
+                 collection_size=-1, content_type='text/html; charset=utf-8',
+                 imports=[]):
         # Find the appropriate template lookup.
         key = (tuple(directories), module_directory)
         try:
@@ -39,6 +42,7 @@ class MakoLoader(object):
                                     default_filters=['decode.utf8'],
                                     input_encoding='utf-8',
                                     output_encoding='utf-8',
+                                    imports=imports,
                                     )
             self.lookups[key] = lookup
         cherrypy.request.lookup = lookup
@@ -76,7 +80,42 @@ def require_login():
         raise cherrypy.HTTPError(403,
             "You are not authorized to access that resource")
 
-cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login)
+cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login, priority=150)
+
+def require_POST():
+    """If the request isn't a POST request, raise 405 Method Not Allowed"""
+    if cherrypy.request.method != "POST":
+        raise cherrypy.HTTPError(405,
+                                 "You must submit this request with POST")
+
+cherrypy.tools.require_POST = cherrypy.Tool('on_start_resource', require_POST, priority=150)
+
+def remote_user_login():
+    """Get the current user based on the SSL or GSSAPI environment variables"""
+    environ = cherrypy.request.wsgi_environ
+    user = environ.get('REMOTE_USER')
+    if user is None:
+        return
+    else:
+        cherrypy.request.login = None # clear what cherrypy put there
+
+    if environ.get('AUTH_TYPE') == 'Negotiate':
+        # Convert the krb5 principal into a krb4 username
+        if not user.endswith('@%s' % config.kerberos.realm):
+            cherrypy.request.login = False # failed to login
+        else:
+            cherrypy.request.login = user.split('@')[0].replace('/', '.')
+    else:
+        cherrypy.request.login = user
+
+cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', remote_user_login, priority=50)
+
+def invirtwebstate_init():
+    """Initialize the cherrypy.request.state object from Invirt"""
+    if not hasattr(cherrypy.request, "state"):
+        cherrypy.request.state = State(cherrypy.request.login)
+
+cherrypy.tools.invirtwebstate = cherrypy.Tool('on_start_resource', invirtwebstate_init, priority=100)
 
 class View(object):
     _cp_config = {'tools.mako.directories': [os.path.join(os.path.dirname(__file__),'templates')]}