1 import logging
2
3 from turbogears import config, identity
4 from turbogears.database import bind_metadata, session
5 from turbogears.util import load_class
6
7 from sqlalchemy.orm import class_mapper
8 try:
9 from sqlalchemy.exc import IntegrityError
10 except ImportError:
11 from sqlalchemy.exceptions import IntegrityError
12
13
# Module-level logger for this identity provider.
log = logging.getLogger("turbogears.identity.saprovider")


# Placeholders for the user, group, permission and visit model classes.
# All four start out as None; elsewhere in this module the loaded classes
# are stored under these names through globals() ('%s_class' % classname).
user_class = group_class = permission_class = visit_class = None
26 """Identity that uses a model from a database (via SQLAlchemy)."""
27
28 - def __init__(self, visit_key=None, user=None):
34
35 @property
48
@property
def user_name(self):
    """Return the user name of this identity, or None when no user is set."""
    # NOTE(review): the `def` line is not shown in this listing; the property
    # name is inferred from the docstring and the returned attribute - confirm.
    return self.user.user_name if self.user else None
55
@property
def user_id(self):
    """Return the user id of this identity, or None when no user is set."""
    # NOTE(review): the `def` line is not shown in this listing; the property
    # name is inferred from the docstring and the returned attribute - confirm.
    if self.user:
        return self.user.user_id
    return None
62
@property
def anonymous(self):
    """Return True when this identity has no user, i.e. is not logged in."""
    # NOTE(review): the `def` line is not shown in this listing; the property
    # name is inferred from the docstring - confirm.
    # The result depends only on the truthiness of self.user.
    return False if self.user else True
67
@property
def permissions(self):
    """Return the frozenset of permission names held by this identity.

    The set is built on first access and stored on the instance as
    ``_permissions``; later accesses return that stored set unchanged.
    An identity without a user gets an empty frozenset.
    """
    # NOTE(review): the `def` line is not shown in this listing; the property
    # name is inferred from the docstring and the cache attribute - confirm.
    try:
        return self._permissions
    except AttributeError:
        # Nothing cached yet: fall through and compute the set once.
        pass
    if self.user:
        granted = frozenset(
            perm.permission_name for perm in self.user.permissions)
    else:
        granted = frozenset()
    self._permissions = granted
    return granted
82
@property
def groups(self):
    """Return the frozenset of group names this identity belongs to.

    The set is built on first access and stored on the instance as
    ``_groups``; later accesses return that stored set unchanged.
    An identity without a user gets an empty frozenset.
    """
    # NOTE(review): the `def` line is not shown in this listing; the property
    # name is inferred from the docstring and the cache attribute - confirm.
    try:
        return self._groups
    except AttributeError:
        # Nothing cached yet: fall through and compute the set once.
        pass
    if self.user:
        names = frozenset(grp.group_name for grp in self.user.groups)
    else:
        names = frozenset()
    self._groups = names
    return names
96
@property
def group_ids(self):
    """Return the frozenset of group IDs this identity belongs to.

    The set is built on first access and stored on the instance as
    ``_group_ids``; later accesses return that stored set unchanged.
    An identity without a user gets an empty frozenset.
    """
    # NOTE(review): the `def` line is not shown in this listing; the property
    # name is inferred from the docstring and the cache attribute - confirm.
    try:
        return self._group_ids
    except AttributeError:
        # Nothing cached yet: fall through and compute the set once.
        pass
    if self.user:
        ids = frozenset(grp.group_id for grp in self.user.groups)
    else:
        ids = frozenset()
    self._group_ids = ids
    return ids
110
111 @property
118
119 @property
152 """IdentityProvider that uses a model from a database (via SQLAlchemy)."""
153
155 super(SqlAlchemyIdentityProvider, self).__init__()
156 glob_ns = globals()
157
158 for classname in ('user', 'group', 'permission', 'visit'):
159 default_classname = '.TG_' + (classname == 'visit'
160 and 'VisitIdentity' or classname.capitalize())
161 class_path = config.get("identity.saprovider.model.%s" % classname,
162 __name__ + default_classname)
163 class_ = load_class(class_path)
164 if class_:
165 log.info('Successfully loaded "%s".', class_path)
166 glob_ns['%s_class' % classname] = class_
167 else:
168 log.error('Could not load class "%s". Check '
169 'identity.saprovider.model.%s setting', class_path, classname)
170
def validate_password(self, user, user_name, password):
    """Check the supplied password against the credentials stored for *user*.

    The password is passed through ``self.encrypt_password`` and the result
    is compared with ``user.password``; the comparison result is returned.

    ``user_name`` is not used here. It is part of the signature for
    external password validation schemes: to check passwords against an
    external source (e.g. PAM, LDAP, a Windows domain), subclass
    SqlAlchemyIdentityProvider and override this method.
    """
    # NOTE(review): the `def` line is not shown in this listing; the
    # signature is inferred from the docstring and the names the body
    # uses - confirm against the original module.
    stored = user.password
    candidate = self.encrypt_password(password)
    # NOTE(security): `==` on strings is not a constant-time comparison, so
    # its duration can depend on how much of the stored value matches.
    # Where the runtime offers a constant-time comparison, prefer it here.
    # What encrypt_password does (algorithm, salting) is not visible in this
    # listing - confirm it is a salted password hash rather than a bare
    # digest or plaintext.
    return stored == candidate
221
def load_identity(self, visit_key):
    """Return the identity associated with *visit_key*.

    The provider contract calls for None when there is no principal, or
    otherwise an object with the following properties:
        user_name: original user name
        user: a provider dependent object (TG_User or similar)
        groups: a set of group names
        permissions: a set of permission names

    This implementation always returns a SqlAlchemyIdentity built from
    the visit key; it never returns None itself.
    """
    # NOTE(review): the `def` line is not shown in this listing; the
    # signature is inferred from the name the body uses - confirm.
    loaded = SqlAlchemyIdentity(visit_key)
    return loaded
235
def anonymous_identity(self):
    """Return an anonymous identity.

    The returned object must provide the following properties:
        user_name: original user name
        user: a provider dependent object (TG_User or similar)
        groups: a set of group names
        permissions: a set of permission names

    A SqlAlchemyIdentity constructed without arguments is returned.
    """
    # NOTE(review): the `def` line is not shown in this listing; the
    # signature is inferred from the docstring - confirm.
    nobody = SqlAlchemyIdentity()
    return nobody
247
251