c339189b44
Switch to using the self-contained django_openstack_auth
package which is a proper django.contrib.auth pluggable
backend.
Notable functional improvements include:
* Better overall security via use of standard Django
auth code (well-vetted by security experts).
* Token expiration checking.
* User "enabled" attribute checking.
* Support for full range of Django auth attributes
such as is_anonymous, is_active, is_superuser, etc.
* Improved hooks for RBAC/permission-based acess control.
Regarding the RBAC/permission-based access control, this
patch moves all "role" and "service"-oriented checks to
permission checks. This will make transitioning to
policy-driven checking much easier once that fully lands
in OpenStack.
Implements blueprint move-keystone-support-to-django-auth-backend
Change-Id: I4f3112af797aff8c4c5e9930c6ca33a70e45589d
54 lines
1.9 KiB
Python
54 lines
1.9 KiB
Python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright 2012 Nebula, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from django import shortcuts
|
|
from django.views import generic
|
|
|
|
import horizon
|
|
from horizon import exceptions
|
|
|
|
|
|
def user_home(request):
|
|
""" Reversible named view to direct a user to the appropriate homepage. """
|
|
return shortcuts.redirect(horizon.get_user_home(request.user))
|
|
|
|
|
|
class APIView(generic.TemplateView):
|
|
""" A quick class-based view for putting API data into a template.
|
|
|
|
Subclasses must define one method, ``get_data``, and a template name
|
|
via the ``template_name`` attribute on the class.
|
|
|
|
Errors within the ``get_data`` function are automatically caught by
|
|
the :func:`horizon.exceptions.handle` error handler if not otherwise
|
|
caught.
|
|
"""
|
|
def get_data(self, request, context, *args, **kwargs):
|
|
"""
|
|
This method should handle any necessary API calls, update the
|
|
context object, and return the context object at the end.
|
|
"""
|
|
raise NotImplementedError("You must define a get_data method "
|
|
"on %s" % self.__class__.__name__)
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
context = self.get_context_data(**kwargs)
|
|
try:
|
|
context = self.get_data(request, context, *args, **kwargs)
|
|
except:
|
|
exceptions.handle(request)
|
|
return self.render_to_response(context)
|