+groups=["fellowship", "board"]
+
+@app.before_request
+def lookup_user():
+ env = request.environ
+ user = None
+ if "USER_ROLES" in env:
+ parts = env.get("USER_ROLES").split("/", 1)
+ user = parts[0]
+ roles = parts[1]
+
+ if "USER" in env and "ROLES" in env:
+ user = env.get("USER")
+ roles = env.get("ROLES")
+
+ if user is None:
+ return "Server misconfigured", 500
+ roles = roles.split(" ")
+
+ if user == "<invalid>":
+ return "Access denied", 403;
+
+ db = get_db()
+ with db.xact():
+ rv = db.prepare("SELECT id FROM voter WHERE email=$1")(user)
+ if len(rv) == 0:
+ db.prepare("INSERT INTO voter(\"email\") VALUES($1)")(user)
+ rv = db.prepare("SELECT id FROM voter WHERE email=$1")(user)
+ g.voter = rv[0].get("id");
+ g.user = user
+ g.roles = {}
+
+ for r in roles:
+ a = r.split(":", 1)
+ val = a[1]
+ if a[0] not in g.roles:
+ g.roles[a[0]] = []
+ if val == "*":
+ g.roles[a[0]] = groups
+ else:
+ g.roles[a[0]].append(val)
+ return None
+
+def get_allowed_cats(action):
+ return g.roles.get(action, []);
+
+def may(action, motion):
+ return motion in get_allowed_cats(action)
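Review bot: In `lookup_user`, the wildcard branch `g.roles[a[0]] = groups` stores the module-level list itself rather than a copy. If a later token for the same action in the same request reaches `g.roles[a[0]].append(val)`, it extends `groups` for the lifetime of the process, so every later wildcard holder inherits that category; assigning `g.roles[a[0]] = list(groups)` avoids this. The parsing also indexes `parts[1]` and `a[1]` without checking that the separator was found, so a `USER_ROLES` value without `/` or a role token without `:` (including the empty token that `"".split(" ")` yields for an empty `ROLES`) raises IndexError instead of a deliberate denial; a guard such as `if len(a) != 2: continue` before `val = a[1]` would handle the token case. Because `may` decides authorization solely from these environ keys, a comment should name the front-end component that sets `USER`, `ROLES` and `USER_ROLES` and state that the client must not be able to supply them, which cannot be confirmed from this hunk.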