1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Copyright 2011 United States Government as represented by the
4
# Administrator of the National Aeronautics and Space Administration.
7
# Copyright 2011 Nebula, Inc.
9
# Licensed under the Apache License, Version 2.0 (the "License"); you may
10
# not use this file except in compliance with the License. You may obtain
11
# a copy of the License at
13
# http://www.apache.org/licenses/LICENSE-2.0
15
# Unless required by applicable law or agreed to in writing, software
16
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
17
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
18
# License for the specific language governing permissions and limitations
21
Classes and methods related to user handling in Horizon.
25
def get_user_from_request(request):
26
""" Checks the current session and returns a :class:`~horizon.users.User`.
28
If the session contains user data the User will be treated as
29
authenticated and the :class:`~horizon.users.User` will have all
32
If not, the :class:`~horizon.users.User` will have no attributes set.
34
If the session contains invalid data,
35
:exc:`~horizon.exceptions.NotAuthorized` will be raised.
37
if 'user' not in request.session:
40
return User(token=request.session['token'],
41
user=request.session['user'],
42
tenant_id=request.session['tenant_id'],
43
tenant_name=request.session['tenant'],
44
service_catalog=request.session['serviceCatalog'],
45
roles=request.session['roles'])
47
# If any of those keys are missing from the session it is
48
# overwhelmingly likely that we're dealing with an outdated session.
49
request.session.clear()
50
raise exceptions.NotAuthorized(_("Your session has expired. "
51
"Please log in again."))
54
class LazyUser(object):
55
def __get__(self, request, obj_type=None):
56
if not hasattr(request, '_cached_user'):
57
request._cached_user = get_user_from_request(request)
58
return request._cached_user
62
""" The main user class which Horizon expects.
66
The id of the Keystone token associated with the current user/tenant.
68
.. attribute:: username
70
The name of the current user.
72
.. attribute:: tenant_id
74
The id of the Keystone tenant for the current user/token.
76
.. attribute:: tenant_name
78
The name of the Keystone tenant for the current user/token.
80
.. attribute:: service_catalog
82
The ``ServiceCatalog`` data returned by Keystone.
86
A list of dictionaries containing role names and ids as returned
91
Boolean value indicating whether or not this user has admin
92
privileges. Internally mapped to :meth:`horizon.users.User.is_admin`.
94
def __init__(self, token=None, user=None, tenant_id=None,
95
service_catalog=None, tenant_name=None, roles=None):
98
self.tenant_id = tenant_id
99
self.tenant_name = tenant_name
100
self.service_catalog = service_catalog
101
self.roles = roles or []
103
def is_authenticated(self):
105
Evaluates whether this :class:`.User` instance has been authenticated.
106
Returns ``True`` or ``False``.
108
# TODO: deal with token expiration
113
return self.is_admin()
117
Evaluates whether this user has admin privileges. Returns
118
``True`` or ``False``.
120
for role in self.roles:
121
if role['name'].lower() == 'admin':