python flask应用 Principal 授权认证

冰镇可乐

'''
Created on 2012-6-14
@author: wenwen
'''
from flask import Flask, make_response, request, session, render_template, redirect, abort, current_app
from flask_principal import Principal, Permission, UserNeed, RoleNeed, Identity, AnonymousIdentity, identity_changed, identity_loaded
import simplejson as json
from bson import json_util
from datetime import datetime, timedelta
from logging import Formatter
import logging.handlers
import traceback
import paramiko
LOG_FILENAME = 'logs/admin.log'
handler = logging.handlers.RotatingFileHandler(LOG_FILENAME, maxBytes=100000000, backupCount=5)
handler.setFormatter(Formatter('%(asctime)s - %(name)s - %(levelname)s - %(process)d - Line:%(lineno)d - %(message)s'))

# application
app = Flask(__name__)
app.secret_key = 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT'
# load the extension
principals = Principal(app)
# Create a permission with a single Need, in this case a RoleNeed.
all_permission = Permission(RoleNeed('admin'),RoleNeed('operator'))
admin_permission = Permission(RoleNeed('admin'))

@app.before_request
def before_request():
print "----------------------------------------------------------------"

@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
identity.user = session.get("userinfo")
if session.get("userinfo"):
identity.provides.add(UserNeed(session.get("userinfo")['account']))
identity.provides.add(RoleNeed(session.get("userinfo")['roles']))
else:
print "***************"
@app.route("/logout", methods=['GET'])
def logout():
try:
session.pop("userinfo")
# Remove session keys set by Flask-Principal
for key in ('identity.name', 'identity.auth_type'):
session.pop(key, None)
identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
except Exception,e:
print e
return "logout"

@app.route("/auth", methods=['GET'])
def auth():
try:
user_info = {"account":"peng.zhou","roles":"admin"}
session["userinfo"] = user_info
identity_changed.send(current_app._get_current_object(),identity=Identity(user_info['account']))
return "login"
except Exception, e:
print e
@app.route("/cooler", methods=['GET'])
@admin_permission.require(http_exception=401)
def getAdminUserList():
return "hello"
#
if __name__ == '__main__':
app.run(host='127.0.0.1', port=8080)