import sqlahelper
from pyramid_beaker import set_cache_regions_from_settings
from pyramid.authentication import AuthTktAuthenticationPolicy
-from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator
from pyramid.httpexceptions import HTTPNotFound
from pyramid.renderers import JSONP
from sqlalchemy import engine_from_config
from xonstat.models import initialize_db
from xonstat.views import *
+from xonstat.security import *
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
# set up beaker cache
set_cache_regions_from_settings(settings)
- config = Configurator(settings=settings)
+ config = Configurator(settings=settings, root_factory=ACLFactory)
# mako for templating
config.include('pyramid_mako')
# authentication and authorization policies.
config.include('pyramid_persona')
+ # override the authn policy to provide a callback
+ secret = settings.get('persona.secret', None)
+ authn_policy = AuthTktAuthenticationPolicy(secret, callback=groupfinder, hashalg='sha512')
+ config.set_authentication_policy(authn_policy)
+
# for json-encoded responses
config.add_renderer('jsonp', JSONP(param_name='callback'))
- # authentication and authorization policies
- authn_policy = AuthTktAuthenticationPolicy('secret', hashalg='sha512')
- authz_policy = ACLAuthorizationPolicy()
- config.set_authentication_policy(authn_policy)
- config.set_authorization_policy(authz_policy)
-
# for static assets
config.add_static_view('static', 'xonstat:static')
+ # robots
+ config.add_route("robots", "robots.txt")
+ config.add_view(robots, route_name="robots")
+
# for 404s
config.add_view(notfound, context=HTTPNotFound, renderer="404.mako")
config.add_route("login", "/login")
config.add_view(login, route_name="login", check_csrf=True, renderer="json")
- config.add_route("merge", "/merge")
- config.add_view(route_name="merge", renderer="merge.mako", permission="admin")
+ config.add_route("merge", "/admin/merge")
+ config.add_view(merge, route_name="merge", renderer="merge.mako", permission="merge")
return config.make_wsgi_app()