source: TI01-discovery-OaiInfoEditor/trunk/v3n_NDG3/OAIInfoEditor/oai_info_editor/lib/security_redirector.py @ 6757

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI01-discovery-OaiInfoEditor/trunk/v3n_NDG3/OAIInfoEditor/oai_info_editor/lib/security_redirector.py@6757
Revision 6757, 2.6 KB checked in by sdonegan, 10 years ago (diff)

Added Phils amended code to allow succesful transfer of mountpoint

Line 
1#!/usr/bin/env python
2"""
3WSGI Authorization handler - to handle redirection following access failure
4- NB, this is used mainly to redirect from the non-admin to the admin role or
5from the non-system user to the error page
6
7NERC DataGrid Project
8"""
9__author__ = "C Byrom"
10__date__ = "29/06/09"
11__copyright__ = "(C) 2009 Science and Technology Facilities Council"
12__license__ = "BSD - see LICENSE file in top-level directory"
13__contact__ = "Philip.Kershaw@stfc.ac.uk"
14__revision__ = '$Id$'
15import logging
16log = logging.getLogger(__name__)
17
18from ndg.security.server.wsgi import NDGSecurityMiddlewareBase
19from ndg.security.server.wsgi.authz import PEPResultHandlerMiddleware
20from oai_info_editor.lib.base import *
21from oai_info_editor.controllers.master import ADMIN_PARAMETER
22
23
24class RedirectFollowingAccessDenied(PEPResultHandlerMiddleware):
25    """Ensure Admin users invoke the home page with the Admin
26    query string set.  If they don't a redirect is invoked to the
27    same URL but with the admin rights flag set in the query
28    string
29    """
30    MOUNT_POINT_OPTNAME = 'mountPoint'
31    MOUNT_POINT_DEFAULT = '/'
32
33    def __init__(self, app, global_conf, prefix='', **app_conf):
34        super(RedirectFollowingAccessDenied, self).__init__(app,
35                                                            global_conf,
36                                                            **app_conf)
37        cls = RedirectFollowingAccessDenied
38        optName = prefix + cls.MOUNT_POINT_OPTNAME
39        self.__mountPoint = app_conf.get(optName, cls.MOUNT_POINT_DEFAULT)
40        log.debug("Mount point %r = %r", optName, self.__mountPoint)
41        log.debug("app_conf = %r", app_conf)
42   
43    @NDGSecurityMiddlewareBase.initCall
44    def __call__(self, environ, start_response):
45       
46        # NB, the admin rights will be passed in the query_string as admin=1
47        # - the only case that access may be denied to admin is when they are
48        # attempting to access the main home page - in this case they need to
49        # be redirected to the home page with the admin flag set on it
50        queryString = environ.get('QUERY_STRING', '')
51        path = environ.get('PATH_INFO', '')
52        if path == '/home' and '?' + queryString != ADMIN_PARAMETER:
53            redirectURI = "%s%s%s" % (self.__mountPoint, path, ADMIN_PARAMETER)
54            log.debug("Redirecting to %r", redirectURI)
55            return self.redirect(redirectURI)
56        else:
57            response = \
58"""Error: You do not currently have access rights to view this resource.
59\n\n
60Please contact the site administrator, if this needs to be arranged.
61"""
62
63            return self._setErrorResponse(code=403, msg=response)
64       
Note: See TracBrowser for help on using the repository browser.