我有以下的代码,我使用pyramid_beaker + gunicorn + pyramid_jinja2。
我注意到,当用户登录时,如果我赶紧和反复做了“GET”到“http://my_server_ip_adress/addClientPersonne”,我有很多次权限拒绝为如果登录用户没有“add_client”权限这是不正常的。当进行“打印会话”我可以看到,有时会拥有所有的认证信息,以允许用户访问上面的链接,但没有其他时间它和接入是否认......也许我对pyramid_beaker配置不是很好?有什么建议么?
谢谢。
my production.ini file
[app:main]
use = egg:annuaireldap#main
pyramid.includes = pyramid_beaker
pyramid_jinja2
session.key = annuaireldap
session.secret = iuyryoiuiytghvfs-tifrsztft
session.cookie_on_exception = true
session.type = memory
my views.py
@view_config(route_name="Menu", renderer='templates/menu.jinja2', request_method='GET')
def menu(request):
bootstrap_css_url = request.static_url('annuaireldap:static/bootstrap.min.css')
bootstrap_js_url = request.static_url('annuaireldap:static/bootstrap.min.js')
jquery_js_url = request.static_url('annuaireldap:static/jquery.min.js')
custom_css_url = request.static_url('annuaireldap:static/custom_css.css')
to_rend = {'bootstrap_css':bootstrap_css_url,'bootstrap_js':bootstrap_js_url,'jquery_js':jquery_js_url,'custom_css':custom_css_url}
to_rend.update({'Menu_1':request.route_url('addClientPersonne'),
'Menu_2':request.route_url('addClientEntreprise'),
'Menu_3':request.route_url('SeeAll')})
return to_rend
@view_config(route_name='SeeAll', renderer='templates/menu.jinja2', request_method=('GET', 'POST'))
def seeall(request):
return {}
@view_config(route_name='login', renderer='templates/login.jinja2',
request_method=('GET', 'POST'))
def login(request):
bootstrap_css_url = request.static_url('annuaireldap:static/bootstrap.min.css')
bootstrap_js_url = request.static_url('annuaireldap:static/bootstrap.min.js')
jquery_js_url = request.static_url('annuaireldap:static/jquery.min.js')
custom_css_url = request.static_url('annuaireldap:static/custom_css.css')
settings = request.registry.settings
server_uri = settings['server_uri']
rendered_form = None
base_dn_user = settings['base_dn_user']
cl = Credentials().bind(request=request)
se_connecter = deform.form.Button(name='se_connecter',
title='se connecter')
form = deform.form.Form(cl, buttons=(se_connecter,))
url_redirect = request.route_url('login')
session = request.session
session.save()
if authenticated_userid(request):
url_redirect = request.route_url("Menu")
resp = HTTPFound(location=url_redirect)
return request.response.merge_cookies(resp)
if request.method == 'POST':
if 'se_connecter' in request.POST:
try:
deserialized = form.validate(request.POST.items())
username = deserialized['username']
password = deserialized['password']
server = Server(server_uri)
user_dn = 'uid=%s,%s'%(username, base_dn_user)
user_dn = 'cn=admin,dc=splynx,dc=lan'
password = '1235789'
conn = Connection(server, user=user_dn, password=password)
if conn.bind():
session[username] = ['agent']
remember(request, username)
url_redirect = request.route_url('Menu')
resp = HTTPFound(location=url_redirect)
return request.response.merge_cookies(resp)
except ValidationFailure as e:
rendered_form = e.render()
else:
rendered_form = form.render()
return {'bootstrap_css':bootstrap_css_url,
'bootstrap_js':bootstrap_js_url,
'jquery_js':jquery_js_url,
'rendered_form':rendered_form,
'custom_css':custom_css_url}
@view_config(route_name='addClientPersonne', permission='add_client',
request_method=('GET', 'POST'), renderer='templates/addPersonne.jinja2')
def addClientPersonne(request):
bootstrap_css_url = request.static_url('annuaireldap:static/bootstrap.min.css')
bootstrap_js_url = request.static_url('annuaireldap:static/bootstrap.min.js')
jquery_js_url = request.static_url('annuaireldap:static/jquery.min.js')
custom_css_url = request.static_url('annuaireldap:static/custom_css.css')
rendered_form = None
settings = request.registry.settings
cl = ClientPersonne().bind(request=request)
ajouter = deform.form.Button(name='Ajouter',
title='Ajouter')
form = deform.form.Form(cl, buttons=(ajouter,))
request.session.save()
if request.method == 'POST':
if 'Ajouter' in request.POST:
try:
server_uri = settings['server_uri']
server = Server(server_uri)
deserialized = form.validate(request.POST.items())
nom = deserialized['nom']
prenom = deserialized['prenom']
telephone = deserialized['telephone']
description = deserialized['description']
description = "" if description == colander.null else description
creator_dn = settings['creator_dn']
creator_pwd = settings['creator_pwd']
conn = Connection(server, user=creator_dn, password=creator_pwd)
base_clients_personnes = settings['base_clients_personnes']
new_user_dn = 'uid=%s,%s'%(get_token(14), base_clients_personnes)
if conn.bind():
attributes = {'telephoneNumber':telephone,
'sn':nom,
'cn':prenom}
if description:
attributes['description'] = description
conn.add(new_user_dn, ['person', 'uidObject'], attributes)
conn.unbind()
url_redirect = request.route_url('Menu')
resp = HTTPFound(location=url_redirect)
return request.response.merge_cookies(resp)
except ValidationFailure as e:
rendered_form = e.render()
except Exception as e:
rendered_form = form.render()
else:
rendered_form = form.render()
return {'bootstrap_css':bootstrap_css_url,
'bootstrap_js':bootstrap_js_url,
'jquery_js':jquery_js_url,
'rendered_form':rendered_form,
'custom_css':custom_css_url}
my root factory
class CustomResourceFactory():
__acl__ = [
(Allow, 'agent', {'add_client', 'modify_client', 'view_client', 'delete_client'}),
DENY_ALL
]
def __init__(self, request):
print "concombre"
pass
如果你已经gunicorn配置成叉,那么你不能使用内存中会话店,因为它不会在进程间共享。您可以确认这是通过关闭在gunicorn分叉或切换到喜欢的女服务员不fork一个WSGI服务器的问题。
问题是与gunicorn多个工人。如果你运行这段代码有一个工人会运行良好。在用户会话是在内存中为工人,也不会从其他员工都可以访问。
所以,当你登录用户详细信息将仅与该工人和命中下一个GET调用请求会去不同的地方的工人也不会得到用户的细节,它会拒绝你的要求。