Вы можете использовать Authkit (http://authkit.org) и «авторизовать» декоратор:
from authkit.authorize.pylons_adaptors import authorize
from authkit.permissions import RemoteUser
class MainController(BaseController):
@authorize(RemoteUser())
def index(self):
pass
Вы можете написать свой собственный класс разрешений, напр.(это часть какого-то старого проекта, проверьте его, если хотите его использовать):
class HasPerm(RequestPermission):
def __init__(self, perms, all=False, error=None):
if isinstance(perms, str):
perms = [perms]
self.all = all
self.perms = perms
self.error = error
self.full_access = "ADMIN"
def check(self, app, environ, start_response):
if not environ.has_key('REMOTE_USER'):
if self.error:
raise self.error
raise NotAuthenticatedError('Not authenticated')
user = Session.query(User)
user = user.filter_by(name=environ['REMOTE_USER']).first()
if not user:
raise NotAuthorizedError('No such user')
if user.blocked:
raise NotAuthorizedError('User blocked')
user_perms = [x.name for x in user.permissions]
if self.full_access in user_perms:
return app(environ, start_response)
for p in self.perms:
checked_perm = model.Permission.get_by(name=p)
if not checked_perm:
raise NotAuthorizedError("There is no permission")
if checked_perm.name in user_perms and not self.all:
return app(environ, start_response)
if checked_perm.name not in user_perms and self.all:
raise NotAuthorizedError("User has no permission")
raise NotAuthorizedError("User has no permission")