source: TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/lib/security_redirector.py @ 6045

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/lib/security_redirector.py@6045
Revision 6045, 2.2 KB checked in by sdonegan, 10 years ago (diff)

Updating Phils patch to svn to handle login/logout(?) and default admin behavior

Line 
1#!/usr/bin/env python
2"""
3WSGI Authorization handler - to handle redirection following access failure
4- NB, this is used mainly to redirect from the non-admin to the admin role or
5from the non-system user to the error page
6
7NERC DataGrid Project
8"""
9__author__ = "C Byrom"
10__date__ = "29/06/09"
11__copyright__ = "(C) 2009 Science and Technology Facilities Council"
12__license__ = "BSD - see LICENSE file in top-level directory"
13__contact__ = "Philip.Kershaw@stfc.ac.uk"
14__revision__ = '$Id$'
15import logging
16
17
18import unittest
19import os
20from urlparse import urlunsplit
21
22from os.path import expandvars as xpdVars
23from os.path import join as jnPath
24mkPath = lambda file: jnPath(os.environ['NDGSEC_COMBINED_SRVS_UNITTEST_DIR'], 
25                             file)
26
27import paste.fixture
28from paste.deploy import loadapp
29from ndg.security.server.wsgi import NDGSecurityMiddlewareBase
30from ndg.security.server.wsgi.authz import PIPMiddlewareConfigError, \
31    PEPResultHandlerMiddleware
32from ndg.security.common.authz.msi import Response
33from oai_info_editor.lib.base import *
34from oai_info_editor.controllers.master import ADMIN_PARAMETER
35
36class RedirectFollowingAccessDenied(PEPResultHandlerMiddleware):
37    mountPoint = '/oai-info-editor'
38   
39    @NDGSecurityMiddlewareBase.initCall
40    def __call__(self, environ, start_response):
41       
42        # NB, the admin rights will be passed in the query_string as admin=1
43        # - the only case that access may be denied to admin is when they are
44        # attempting to access the main home page - in this case they need to
45        # be redirected to the home page with the admin flag set on it
46        queryString = environ.get('QUERY_STRING', '')
47        path = environ.get('PATH_INFO', '')
48#        if path == '/home' and '?' + queryString != ADMIN_PARAMETER:
49        if '?' + queryString != ADMIN_PARAMETER:
50            return self.redirect("%s%s%s" %(RedirectFollowingAccessDenied.mountPoint,
51                                            path, ADMIN_PARAMETER))
52        else:
53            response = \
54"""Error: You do not currently have access rights to view this resource.
55\n\n
56Please contact the site administrator, if this needs to be arranged.
57"""
58
59            return self._setErrorResponse(code=403, msg=response)
60       
Note: See TracBrowser for help on using the repository browser.