Putting together everything in the previous sections gives us this full authorisation example:
#!/usr/bin/env python

# End-to-end walk-through of the web.auth admin API: build a fresh auth
# environment, populate apps/groups/roles/users, then print the result of a
# series of authorisation and management calls.
#
# The script is written for Python 2 (print statements, `except X, e`), and it
# is destructive towards whatever auth environment already exists in the
# target database (see removeAuthEnvironment below).

# show python where the modules are
# These entries are relative, so they resolve against the current working
# directory rather than the script's own location; launch the script from the
# expected directory so that `web` is imported from the intended source tree.
import sys; sys.path.append('../'); sys.path.append('../../../')

import web, web.database

# Setup a database connection
connection = web.database.connect(
    adapter="snakesql",
    database="command-auth"
)
cursor = connection.cursor()

# Obtain Auth objects
import web.auth
from web.errors import AuthError
admin = web.auth.admin('database', cursor=cursor)

# Setup the environment (destroying the existing environment)
# Any auth data already held in this database is removed here, so use a
# scratch database. ignoreErrors=True presumably lets a first run succeed
# when there is nothing to remove -- confirm against web.auth.
admin.removeAuthEnvironment(ignoreErrors=True)
admin.createAuthEnvironment()

# Setup the users and their access rights
admin.addApp('cms')
admin.addApp('news')
admin.addGroup('butcher')
admin.addGroup('fishmonger')
admin.addRole('add')
admin.addRole('edit')
# Every sample account shares the literal 'password'; these are throwaway
# fixtures for the demo.
# NOTE(review): this script does not show how addUser stores the password
# (hashed or in clear) -- confirm in web.auth before reusing the pattern.
admin.addUser(username='james', group='butcher', password='password')
admin.addUser(username='sally', group='butcher', password='password')
# vicki is created inactive (active=0) to exercise the `active` checks below.
admin.addUser(username='vicki', group='butcher', password='password', active=0)
admin.addUser(username='anne', group='fishmonger', password='password')
admin.addUser(
    username='john',
    group='fishmonger',
    password='password',
    firstname='John',
    surname='Smith',
    email='john@example.com'
)
# Access levels are set per (user, app) pair.
admin.setLevel('anne', 'news', 2)
admin.setLevel('john', 'news', 1)
admin.setLevel('anne', 'cms', 1)
admin.setLevel('john', 'cms', 2)
# Roles are likewise set per (user, app) pair.
admin.setRole(username='james', app='cms', role='add')
admin.setRole(username='sally', app='cms', role='edit')
admin.setRole(username='james', app='news', role='edit')

# --- `active` option ---
# In the documented sample output, authorise() with no arguments passes the
# active user (sally) and rejects the inactive one (vicki); active=0 inverts
# that; active=None passes both, i.e. the account-active check is skipped.
# Only pass active=None where inactive accounts are meant to be accepted.
print 'Active Option'
print 'Sally: ', admin.user('sally').authorise()
print 'Sally: ', admin.user('sally').authorise(active=0)
print 'Sally: ', admin.user('sally').authorise(active=None)
print 'Vicki: ', admin.user('vicki').authorise()
print 'Vicki: ', admin.user('vicki').authorise(active=0)
print 'Vicki: ', admin.user('vicki').authorise(active=None)
print ''

# --- group membership ---
print 'Group Option'
print 'Anne: ', admin.user('anne').authorise(group='fishmonger')
print 'James: ', admin.user('james').authorise(group='fishmonger')
print ''

# --- access levels ---
# NOTE(review): in the documented sample output john (cms level 2) passes a
# level=1 check in the final 'Authorise' section, so `level` looks like a
# minimum rather than an exact match -- confirm against web.auth.
print 'Access Levels'
print 'Anne: ', admin.user('anne').authorise(app='news', level=2)
print 'John: ', admin.user('john').authorise(app='news', level=2)
print 'Anne: ', admin.user('anne').authorise(app='cms', level=2)
print 'John: ', admin.user('john').authorise(app='cms', level=2)
print ''

# --- roles ---
# A role check is scoped to the app it is asked about: james holds 'add' on
# cms and 'edit' on news, and the sample output rejects 'add' on news.
print 'Roles'
print 'James: ', admin.user('james').authorise(app='cms', role='add')
print 'Sally: ', admin.user('sally').authorise(app='cms', role='add')
print 'Sally: ', admin.user('sally').authorise(app='cms', role='edit')
print 'James: ', admin.user('james').authorise(app='news', role='add')
print 'James: ', admin.user('james').authorise(app='news', role='edit')
print 'Sally: ', admin.user('sally').authorise(app='news', role='edit')
print admin.roles()
print admin.roleExists('edit')
print admin.roleExists('delete')

# Create a throwaway app/user/role trio for the removal tests that follow.
admin.addApp('test')
admin.addUser(username='test', password='password')
admin.addRole('test')
admin.setRole(username='test', app='test', role='test')
admin.setLevel('test', 'test', 1)
# Removing a role that is still assigned must be refused with AuthError; the
# else branch fails the demo loudly if the removal was allowed.
try:
    admin.removeRole('test')
except AuthError,e:
    print str(e)
else:
    raise Exception('Failed to catch remove role error')
# force=1 removes the role anyway; the sample output then shows an empty role
# mapping for user 'test', so the assignment goes with it.
admin.removeRole('test', force=1)
print admin.roles(username='test')
admin.addRole('test')
admin.setRole(username='test', app='test', role='test')
admin.setRole(username='test', app='cms', role='test')
print admin.roles()
print admin.roles(username='test')
print admin.roles(username='test', app='test')
print admin.user('test').roles
# The three positional arguments are all 'test' here, so their order cannot be
# read off this call -- check the unsetRole signature before relying on it.
admin.unsetRole('test','test','test')
print admin.user('test').roles
print ''

# --- groups ---
print 'Groups'
print admin.groups()
print admin.groupExists('butcher')
print admin.groupExists('newsagents')
admin.addGroup('newsagents')
# Group membership is changed by assigning to the user object's attribute.
admin.user('test').group = 'newsagents'
print admin.user('test').group
print admin.groups()
# Same refuse-then-force pattern as for roles above.
try:
    admin.removeGroup('newsagents')
except AuthError,e:
    print str(e)
else:
    raise Exception('Failed to catch remove group error')
# NOTE(review): what user 'test' is left with as a group after the forced
# removal is not printed by this script -- confirm against web.auth.
admin.removeGroup('newsagents', force=1)
print admin.groups()
print ''

# --- users ---
# Unlike authorise(), users() without an `active` argument lists inactive
# accounts too (vicki appears in the sample output for group='butcher');
# pass active=1 when only enabled accounts are wanted.
print 'Users'
print admin.userExists('james')
print admin.users()
print admin.users(group='butcher')
print admin.users(group='butcher', active=0)
print admin.users(group='butcher', active=1)
print admin.users(app='cms', role='add')
print admin.users(group='butcher', app='cms', role='add', active=0)
print admin.users(group='butcher', app='cms', role='add', active=1)
print admin.users(group='fishmonger', app='cms', role='add')
# Attribute writes on the user object are visible through a fresh
# admin.user() lookup (0 then 1 in the sample output), so assigning
# `active = 1` re-enables the account immediately.
vicki = admin.user('vicki')
print vicki.active
vicki.active = 1
print admin.user('vicki').active
print vicki.firstname
vicki.firstname = 'Victoria'
print admin.user('vicki').firstname
print ''

# --- apps ---
print 'Apps'
print admin.apps()
print admin.appExists('cms')
try:
    admin.removeApp('test')
except AuthError,e:
    print str(e)
else:
    raise Exception('Failed to catch app in use error')
# NOTE(review): this message is printed unconditionally right after the
# refusal above is caught; no forced removal is attempted in this section,
# and the levels printed two lines below still list app 'test' in the sample
# output.
print "App removed"
print admin.roles(username='test')
print admin.levels(username='test')
admin.removeUser('test')
print admin.userExists('test')
print ''

# --- levels ---
print 'Levels'
print admin.levels('anne')
# Setting a level to None clears it: 'cms' disappears from anne's levels in
# the sample output.
admin.setLevel('anne', 'cms', None)
print admin.user('anne').levels
print

# --- combined checks ---
# Several criteria can be passed at once. In the sample output james (right
# group, but no cms level set) and john (wrong group) both fail; john passes
# only when the group matches as well.
print 'Authorise'
print admin.user('james').authorise(group='butcher', app='cms', level=1)
print admin.user('john').authorise(group='butcher', app='cms', level=1)
print admin.user('john').authorise(group='fishmonger', app='cms', level=1)

# The script rolls back instead of committing.
# NOTE(review): presumably this discards everything the demo wrote, including
# the environment reset at the top -- confirm for the adapter in use.
connection.rollback()
connection.close()
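Note: This example is very database-intensive and SnakeSQL runs rather slowly, so you may wish to change the first few lines to use a different database adapter. Whichever adapter you use, point it at a scratch database, because the script starts by removing any existing auth environment.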
You can test this example by running python doc/src/lib/command-web-auth.py
The output produced is as follows:
Active Option Sally: True Sally: False Sally: True Vicki: False Vicki: True Vicki: True Group Option Anne: True James: False Access Levels Anne: True John: False Anne: False John: True Roles James: True Sally: False Sally: True James: False James: True Sally: False ('add', 'edit') True False The role 'test' is still in use by the following users: test {} ('add', 'edit', 'test') {'test': 'test', 'cms': 'test'} ('test',) {'test': 'test', 'cms': 'test'} {'cms': 'test'} Groups ('butcher', 'fishmonger') True False newsagents ('butcher', 'fishmonger', 'newsagents') The group 'newsagents' is still in use by the following users: test ('butcher', 'fishmonger') Users True ('james', 'sally', 'vicki', 'anne', 'john', 'test') ('james', 'sally', 'vicki') ('vicki',) ('james', 'sally') ('james',) () ('james',) () 0 1 Victoria Apps ('cms',) True The app 'test' is still in use specifying access levels for the following users: test App removed {'cms': 'test'} {'test': 1} False Levels {'news': 2, 'cms': 1} {'news': 2} Authorise False False True