from django.contrib.auth.decorators import permission_required

class RequirePermissionMiddleware(object):
    """
    Middleware component that wraps the permission_check decorator around 
    views for matching URL patterns. To use, add the class to 
    MIDDLEWARE_CLASSES and define RESTRICTED_URLS and 
    RESTRICTED_URLS_EXCEPTIONS in your settings.py.
    
    For example:
    
    RESTRICTED_URLS = (
                          (r'/topsecet/(.*)$', 'auth.access_topsecet'),
                      )
    RESTRICTED_URLS_EXCEPTIONS = (
                          r'/topsecet/login(.*)$', 
                          r'/topsecet/logout(.*)$',
                      )
                      
    RESTRICTED_URLS is where you define URL patterns and their associated 
    required permissions. Each URL pattern must be a valid regex. 
    
    RESTRICTED_URLS_EXCEPTIONS is, conversely, where you explicitly define 
    any exceptions (like login and logout URLs).
    """
    def __init__(self):
        self.restricted = tuple([(re.compile(url[0]), url[1]) for url in settings.RESTRICTED_URLS])
        self.exceptions = tuple([re.compile(url) for url in settings.RESTRICTED_URLS_EXCEPTIONS])
        
    def process_view(self,request,view_func,view_args,view_kwargs):
        # An exception match should immediately return None
        for path in self.exceptions:
            if path.match(request.path): return None            
        # Requests matching a restricted URL pattern are returned 
        # wrapped with the permission_required decorator
        for rule in self.restricted:
            url, required_permission = rule[0], rule[1]
            if url.match(request.path): 
                return permission_required(required_permission)(view_func)(request,*view_args,**view_kwargs)             
        # Explicitly return None for all non-matching requests
        return None