policy.py 文件源码

def __call__(self, f):
        @functools.wraps(f)
        def secure_handler(slf, req, resp, *args, **kwargs):
            ctx = req.context

            policy_engine = ctx.policy_engine

            self.logger.debug("Enforcing policy %s on request %s" %
                              (self.action, ctx.request_id))

            if policy_engine is not None and policy_engine.authorize(
                    self.action, ctx):
                return f(slf, req, resp, *args, **kwargs)
            else:
                if ctx.authenticated:
                    slf.info(
                        ctx,
                        "Error - Forbidden access - action: %s" % self.action)
                    slf.return_error(
                        resp,
                        falcon.HTTP_403,
                        message="Forbidden",
                        retry=False)
                else:
                    slf.info(ctx, "Error - Unauthenticated access")
                    slf.return_error(
                        resp,
                        falcon.HTTP_401,
                        message="Unauthenticated",
                        retry=False)

        return secure_handler