1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Copyright 2012 United States Government as represented by the
4
# Administrator of the National Aeronautics and Space Administration.
7
# Copyright 2012 Nebula, Inc.
9
# Licensed under the Apache License, Version 2.0 (the "License"); you may
10
# not use this file except in compliance with the License. You may obtain
11
# a copy of the License at
13
# http://www.apache.org/licenses/LICENSE-2.0
15
# Unless required by applicable law or agreed to in writing, software
16
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
18
# License for the specific language governing permissions and limitations
21
Classes and methods related to user handling in Horizon.
26
from django.utils.translation import ugettext as _
28
from horizon import exceptions
31
LOG = logging.getLogger(__name__)
34
def get_user_from_request(request):
35
""" Checks the current session and returns a :class:`~horizon.users.User`.
37
If the session contains user data the User will be treated as
38
authenticated and the :class:`~horizon.users.User` will have all
41
If not, the :class:`~horizon.users.User` will have no attributes set.
43
If the session contains invalid data,
44
:exc:`~horizon.exceptions.NotAuthorized` will be raised.
46
if 'user_id' not in request.session:
49
return User(id=request.session['user_id'],
50
token=request.session['token'],
51
user=request.session['user_name'],
52
tenant_id=request.session['tenant_id'],
53
tenant_name=request.session['tenant'],
54
service_catalog=request.session['serviceCatalog'],
55
roles=request.session['roles'])
57
# If any of those keys are missing from the session it is
58
# overwhelmingly likely that we're dealing with an outdated session.
59
LOG.exception("Error while creating User from session.")
60
request.session.clear()
61
raise exceptions.NotAuthorized(_("Your session has expired. "
62
"Please log in again."))
65
class LazyUser(object):
66
def __get__(self, request, obj_type=None):
67
if not hasattr(request, '_cached_user'):
68
request._cached_user = get_user_from_request(request)
69
return request._cached_user
73
""" The main user class which Horizon expects.
77
The id of the Keystone token associated with the current user/tenant.
79
.. attribute:: username
81
The name of the current user.
83
.. attribute:: tenant_id
85
The id of the Keystone tenant for the current user/token.
87
.. attribute:: tenant_name
89
The name of the Keystone tenant for the current user/token.
91
.. attribute:: service_catalog
93
The ``ServiceCatalog`` data returned by Keystone.
97
A list of dictionaries containing role names and ids as returned
102
Boolean value indicating whether or not this user has admin
103
privileges. Internally mapped to :meth:`horizon.users.User.is_admin`.
105
def __init__(self, id=None, token=None, user=None, tenant_id=None,
106
service_catalog=None, tenant_name=None, roles=None,
107
authorized_tenants=None):
111
self.tenant_id = tenant_id
112
self.tenant_name = tenant_name
113
self.service_catalog = service_catalog
114
self.roles = roles or []
115
self.authorized_tenants = authorized_tenants
117
def is_authenticated(self):
119
Evaluates whether this :class:`.User` instance has been authenticated.
120
Returns ``True`` or ``False``.
122
# TODO: deal with token expiration
127
return self.is_admin()
131
Evaluates whether this user has admin privileges. Returns
132
``True`` or ``False``.
134
for role in self.roles:
135
if role['name'].lower() == 'admin':
139
def get_and_delete_messages(self):
141
Placeholder function for parity with
142
``django.contrib.auth.models.User``.