diff options
Diffstat (limited to 'muck/authz.py')
| -rw-r--r-- | muck/authz.py | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/muck/authz.py b/muck/authz.py index e9336b8..c48294c 100644 --- a/muck/authz.py +++ b/muck/authz.py @@ -13,10 +13,27 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. -# import muck +import muck class AuthorizationChecker: - def request_is_allowed(self, r): - return False and r + def __init__(self, signing_key_text): + self._tc = muck.TokenChecker(signing_key_text.strip().encode('ascii')) + + def request_is_allowed(self, r, required_scopes): + token = self._get_token(r) + if token is None: + return False + + scope = token.get('scope', '') + scopes = set(scope.split()) + required_scopes = set(required_scopes) + return scopes.intersection(required_scopes) == required_scopes + + def _get_token(self, r): + authz = r.get_authorization() + try: + return self._tc.parse_header(authz) + except muck.Error: + return None |