Other packages are installed automatically:
pyramid pyramid_redis_sessions python-upwork
To activate jinja2 renderer, install:
pip install pyramid_jinja2
Install with pip:
pip install pyramid_upwork
or using easy_install:
You need to create Upwork API keys of the type Web and set appropriate permissions to the generated API key.
You can take a look at the pyramid_upwork_example application or use the instructions below.
Include the following settings in your *.ini file:
    [app:main]
    ...

    # Redis session settings
    redis.sessions.secret = FILL ME

    # upwork settings
    upwork.api.key = FILL ME
    upwork.api.secret = FILL ME
Then in your project’s __init__.py define the following function:
    def get_acl_group(user_uid, request):
        """Here goes your ACL logic."""
        # All authenticated users have ``view`` permission
        return 'view'
Define a RootFactory in your models.py:
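    from pyramid.security import Allow, Deny, Authenticated, Everyone


    class RootFactory(object):
        """This object sets the security for our application."""
        # ACEs are evaluated top to bottom; the first match decides.
        __acl__ = [
            (Allow, Authenticated, 'view'),
            (Deny, Authenticated, 'login'),
            (Allow, Everyone, 'login'),
        ]

        def __init__(self, request):
            pass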
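The order of the entries in this ACL matters, because Pyramid's ACL authorization stops at the first entry that matches both a principal and the permission. The following added example (not code from pyramid_upwork) models that first-match rule in plain Python, using stand-in constants for the pyramid.security names and a constructed user id, and shows what changes if the last two entries are swapped:

```python
# Added example: simplified model of Pyramid's first-match ACL evaluation.
# Not pyramid_upwork code; the constants below are stand-ins for the names
# exported by pyramid.security.
Allow, Deny = "Allow", "Deny"
Everyone, Authenticated = "system.Everyone", "system.Authenticated"

# ACL copied from the RootFactory above.
ROOT_ACL = [
    (Allow, Authenticated, 'view'),
    (Deny, Authenticated, 'login'),
    (Allow, Everyone, 'login'),
]


def effective_principals(user_uid):
    """Principals for a request; user_uid is None for anonymous visitors."""
    principals = [Everyone]
    if user_uid is not None:
        principals += [Authenticated, user_uid]
    return principals


def permits(acl, principals, permission):
    """Return the action of the first ACE that matches, else deny."""
    for action, principal, permissions in acl:
        if isinstance(permissions, str):
            permissions = (permissions,)
        if principal in principals and permission in permissions:
            return action == Allow
    return False  # no ACE matched: implicit deny


def decisions(acl):
    """Decision table for an anonymous and a logged-in user (constructed uid)."""
    users = {'anonymous': None, 'authenticated': 'uid-example'}
    return {
        (name, perm): permits(acl, effective_principals(uid), perm)
        for name, uid in users.items()
        for perm in ('view', 'login')
    }


# Same entries with the last two swapped: the Deny is now unreachable
# because (Allow, Everyone, 'login') matches every request first.
REORDERED_ACL = [ROOT_ACL[0], ROOT_ACL[2], ROOT_ACL[1]]

if __name__ == '__main__':
    for label, acl in (('as written', ROOT_ACL), ('reordered', REORDERED_ACL)):
        print(label, decisions(acl))
```

With the ACL as written, anonymous visitors get only 'login' and authenticated users get only 'view'; with the reordered ACL an authenticated user is also granted 'login'.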
Now register the get_acl_group() function in the config registry to make authorization work. Put this in your main method:
    from pyramid.config import Configurator


    def get_acl_group(request):
        return ('view',)


    def main(global_config, **settings):
        """Main app configuration binding."""
        config = Configurator(settings=settings,
                              root_factory="myapp.models.RootFactory")

        # ACL authorization callback for pyramid-upwork
        config.registry.get_acl_group = get_acl_group

        # External includes
        config.include('pyramid_upwork')

        # Views and routing go here
        # ...
        # config.add_view('myapp.views.MainPage', renderer='templates/main.jinja2', permission='view')

        return config.make_wsgi_app()
You can provide a custom forbidden.jinja2 template by overriding the asset in your __init__.py:
    # Override forbidden template
    config.override_asset(
        to_override='pyramid_upwork:templates/forbidden.jinja2',
        override_with='myapp:templates/forbidden.jinja2')
See the template example in pyramid_upwork/templates/forbidden.jinja2.
The “Logout” action is also done via a POST request with CSRF protection; see the example “Logout” button in pyramid_upwork_example/templates/layout.jinja2.
The project is made by Cyril Panshine (@CyrilPanshine). Bug reports and pull requests are very much welcomed!
Odesk rebranded to Upwork, now using python-upwork library.
- Due to oDesk Public API change we need to get user information now from client.hr.get_user_me()
- Implement bugfix for case when session is broken and request token and secret are not set.
- Store first and last name in the session for further usage in templates
- Login and Logout actions are performed via POST and have protection against CSRF attacks
- Fix BaseHandler obscuring AttributeError during dispatch
- Use override_asset for overriding forbidden.jinja2 template.
- If user is authenticated but is not authorized for some view, render forbidden page with Log out link instead of redirect to avoid redirect loop
- Initial version.