~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/studpath.py

• browse files at revision 1092.1.53
• compare with another revision
• compare with revision 1099.1.105
• download diff
• download tarball
• view history from revision 1092.1.53

Show diffs side-by-side

added

removed

ivle/studpath.py

132

132

        return False

133

133

 

134

134

 

135

 

def authorize(req):

 

135

def authorize(req, user):

136

136

    """Given a request, checks whether req.user is allowed to

137

137

    access req.path. Returns None on authorization success. Raises

138

138

    HTTP_FORBIDDEN on failure.

145

145

    urlpath = os.path.normpath(req.path)

146

146

    # Now if it begins with ".." or separator, then it's illegal

147

147

    if urlpath.startswith("..") or urlpath.startswith(os.sep):

148

 

        req.throw_error(req.HTTP_FORBIDDEN)

 

148

        return False

149

149

 

150

150

    (owner, _) = util.split_path(urlpath)

151

 

    if req.user.login != owner:

152

 

        req.throw_error(req.HTTP_FORBIDDEN)

 

151

    if user.login != owner:

 

152

        return False

 

153

    return True

153

154

 

154

155

def authorize_public(req):

155

156

    """A different kind of authorization. Rather than making sure the

162

163

    raised on failure.

163

164

    """

164

165

    _, path = url_to_local(req.path)

165

 

    dirpath, _ = os.path.split(path)

166

 

    if not (worldreadable(dirpath) and published(dirpath)):

167

 

        req.throw_error(req.HTTP_FORBIDDEN)

 

166

 

 

167

    # Walk up the tree, and find the deepest directory.

 

168

    while not os.path.isdir(path):

 

169

        path = os.path.dirname(path)

 

170

 

 

171

    if not (worldreadable(path) and published(path)):

 

172

        return False

 

173

    return True

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.1