source: TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/lib/security_redirector.py @ 5466

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/lib/security_redirector.py@5466
Revision 5466, 2.0 KB checked in by cbyrom, 10 years ago (diff)

Add code to allow the OAI editor to be used with the new OpenID-based
security system. Add the policy file and secured ini file, and adjust the
handling of users: page access is enforced via URL content, basically
either by provider ID or via the 'admin=1' parameter for admin users.
For the latter, provide the security_redirector module to allow admin
users to use the same point of entry as normal users.

1#!/usr/bin/env python
2"""
3WSGI Authorization handler - to handle redirection following access failure
4- NB, this is used mainly to redirect from the non-admin to the admin role or
5from the non-system user to the error page
6
7NERC DataGrid Project
8"""
9__author__ = "C Byrom"
10__date__ = "29/06/09"
11__copyright__ = "(C) 2009 Science and Technology Facilities Council"
12__license__ = "BSD - see LICENSE file in top-level directory"
13__contact__ = "Philip.Kershaw@stfc.ac.uk"
14__revision__ = '$Id$'
15import logging
16
17
18import unittest
19import os
20from urlparse import urlunsplit
21
22from os.path import expandvars as xpdVars
23from os.path import join as jnPath
def mkPath(file):
    """Return *file* joined onto the combined-services unit test directory.

    The directory is read from the ``NDGSEC_COMBINED_SRVS_UNITTEST_DIR``
    environment variable on every call; a ``KeyError`` is raised when the
    variable is not set.

    NOTE(review): nothing in the visible part of this module calls this
    helper, and it depends on a unit-test environment variable - confirm
    it is still needed in the deployed middleware.
    """
    baseDir = os.environ['NDGSEC_COMBINED_SRVS_UNITTEST_DIR']
    return jnPath(baseDir, file)
26
27import paste.fixture
28from paste.deploy import loadapp
29from ndg.security.server.wsgi import NDGSecurityMiddlewareBase
30from ndg.security.server.wsgi.authz import PIPMiddlewareConfigError, \
31    PEPResultHandlerMiddleware
32from ndg.security.common.authz.msi import Response
33from oai_info_editor.lib.base import *
34from oai_info_editor.controllers.master import ADMIN_PARAMETER
35
class RedirectFollowingAccessDenied(PEPResultHandlerMiddleware):
    """Build the response for a request that failed the access check.

    A refused request for ``/home`` whose query string is not exactly
    ``ADMIN_PARAMETER`` is redirected to ``/home`` with ``ADMIN_PARAMETER``
    appended, so that admin users can share the entry point used by normal
    users.  Every other refused request receives a 403 error response.

    The admin flag is taken from the client-controlled query string.  This
    handler only rewrites the URL; it makes no access decision itself, so
    the flag must not be treated as proof of admin rights.
    NOTE(review): confirm that the access policy authorises the admin URL
    from the authenticated user's attributes and not from the mere presence
    of the parameter.
    """

    @NDGSecurityMiddlewareBase.initCall
    def __call__(self, environ, start_response):
        """Redirect a refused ``/home`` request or return a 403 response.

        @param environ: WSGI environment; only ``PATH_INFO`` and
        ``QUERY_STRING`` are read here
        @param start_response: WSGI start_response callable (not used
        directly in this method)
        @return: whatever ``self.redirect`` or ``self._setErrorResponse``
        returns - both are presumably inherited from the base class
        """
        requestedPath = environ.get('PATH_INFO', '')
        rawQuery = environ.get('QUERY_STRING', '')

        # The comparison is exact: a query string carrying the admin flag
        # together with any other parameter counts as "flag not set".
        # NOTE(review): WSGI's QUERY_STRING has no leading '?', yet the
        # redirect below appends ADMIN_PARAMETER directly to the path.  If
        # the constant starts with '?', this test can never match and a
        # refused admin request for /home would be redirected to itself
        # repeatedly - confirm the constant's value.
        if requestedPath != '/home' or rawQuery == ADMIN_PARAMETER:
            deniedMessage = \
"""Error: You do not currently have access rights to view this resource.
\n\n
Please contact the site administrator, if this needs to be arranged.
"""
            return self._setErrorResponse(code=403, msg=deniedMessage)

        # Only the home page is retried with the admin flag; the redirect
        # target is built from the fixed path and the constant alone, so
        # any other query parameters on the original request are dropped.
        return self.redirect("%s%s" % (requestedPath, ADMIN_PARAMETER))
57       