source: TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/lib/security_redirector.py @ 5470

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/lib/security_redirector.py@5470
Revision 5470, 2.1 KB checked in by cbyrom, 10 years ago (diff)

Update documentation, adding a section on how to set up the security
+ tidy up the codebase, moving configuration files to the top level
and deleting any app specific data + fix a few links to properly
include the admin parameter + fix an issue with the admin redirection.

Line 
1#!/usr/bin/env python
2"""
3WSGI Authorization handler - to handle redirection following access failure
4- NB, this is used mainly to redirect from the non-admin to the admin role or
5from the non-system user to the error page
6
7NERC DataGrid Project
8"""
9__author__ = "C Byrom"
10__date__ = "29/06/09"
11__copyright__ = "(C) 2009 Science and Technology Facilities Council"
12__license__ = "BSD - see LICENSE file in top-level directory"
13__contact__ = "Philip.Kershaw@stfc.ac.uk"
14__revision__ = '$Id$'
15import logging
16
17
18import unittest
19import os
20from urlparse import urlunsplit
21
22from os.path import expandvars as xpdVars
23from os.path import join as jnPath
24mkPath = lambda file: jnPath(os.environ['NDGSEC_COMBINED_SRVS_UNITTEST_DIR'], 
25                             file)
26
27import paste.fixture
28from paste.deploy import loadapp
29from ndg.security.server.wsgi import NDGSecurityMiddlewareBase
30from ndg.security.server.wsgi.authz import PIPMiddlewareConfigError, \
31    PEPResultHandlerMiddleware
32from ndg.security.common.authz.msi import Response
33from oai_info_editor.lib.base import *
34from oai_info_editor.controllers.master import ADMIN_PARAMETER
35
36class RedirectFollowingAccessDenied(PEPResultHandlerMiddleware):
37   
38    @NDGSecurityMiddlewareBase.initCall
39    def __call__(self, environ, start_response):
40       
41        # NB, the admin rights will be passed in the query_string as admin=1
42        # - the only case that access may be denied to admin is when they are
43        # attempting to access the main home page - in this case they need to
44        # be redirected to the home page with the admin flag set on it
45        queryString = environ.get('QUERY_STRING', '')
46        path = environ.get('PATH_INFO', '')
47        if path == '/home' and '?' + queryString != ADMIN_PARAMETER:
48            return self.redirect("%s%s" %(path, ADMIN_PARAMETER))
49        else:
50            response = \
51"""Error: You do not currently have access rights to view this resource.
52\n\n
53Please contact the site administrator, if this needs to be arranged.
54"""
55
56            return self._setErrorResponse(code=403, msg=response)
57       
Note: See TracBrowser for help on using the repository browser.