def authorize(arg):
"""Decorator for checking the policy on API methods.
Add this decorator to any API method which takes a request object
as the first parameter and belongs to a class which inherits from
wsgi.Controller. The class must also have a class member called
'resource_name' which specifies the resource for the policy check.
Can be used in any of the following forms
@authorize
@authorize('my_action_name')
:param arg: Can either be the function being decorated or a str
containing the 'action' for the policy check. If no action name is
provided, the function name is assumed to be the action name.
"""
action_name = None
def decorator(f):
@functools.wraps(f)
def wrapper(self, req, *args, **kwargs):
action = action_name or f.__name__
context = req.environ['meteos.context']
try:
policy.check_policy(context, self.resource_name, action)
except exception.PolicyNotAuthorized:
raise webob.exc.HTTPForbidden()
return f(self, req, *args, **kwargs)
return wrapper
if callable(arg):
return decorator(arg)
else:
action_name = arg
return decorator
评论列表
文章目录
