Grant roles and logins based on IP address.
On each request, REMOTE_ADDR is checked against ip_map, and logins and roles are assigned based on the match.
ip_map is a map of {ip_mask: (username, roles)}. Either username or roles may be None. A role may also be prefixed with -, as in '-system', meaning that role should be revoked. A username of '__remove__' removes the username.
If clobber_username is true (default) then any user specification will override the current value of REMOTE_USER. '__remove__' will always clobber the username.
ip_mask is something that paste.util.ip4:IP4Range can parse. Simple IP addresses, IP/mask, ip<->ip ranges, and hostnames are allowed.
Grant roles or usernames based on IP addresses.
Config looks like this:
[filter:grant]
use = egg:Paste#grantip
clobber_username = true
# Give localhost system role (no username):
127.0.0.1 = -:system
# Give everyone in 192.168.0.* editor role:
192.168.0.0/24 = -:editor
# Give one IP the username joe:
192.168.0.7 = joe
# And one IP should not be logged in:
192.168.0.10 = __remove__:-editor
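
The following sketch is an added illustration, not Paste's own code: it re-implements the rule semantics described above with the standard-library ipaddress module so the effect of the sample config can be checked per client address. The names RULES, parse_rule and apply_grants are hypothetical, only single IPs and IP/mask entries are handled, and letting revocations win over grants from other matching rules is an assumption of the sketch.

```python
import ipaddress

# Constructed rules mirroring the [filter:grant] section above.
RULES = {
    "127.0.0.1": "-:system",
    "192.168.0.0/24": "-:editor",
    "192.168.0.7": "joe",
    "192.168.0.10": "__remove__:-editor",
}

def parse_rule(value):
    """Split 'username:role1,role2' into (username or None, [roles])."""
    username, _, roles = value.partition(":")
    username = None if username in ("", "-") else username
    return username, [r for r in roles.split(",") if r and r != "-"]

def apply_grants(rules, remote_addr, remote_user=None, roles=(),
                 clobber_username=True):
    """Return (username, roles) after applying every rule matching remote_addr."""
    addr = ipaddress.ip_address(remote_addr)
    granted, revoked, remove_user = list(roles), [], False
    for mask, value in rules.items():
        # Sketch handles single IPs and IP/mask only (no ip<->ip, no hostnames).
        if addr not in ipaddress.ip_network(mask, strict=False):
            continue
        username, rule_roles = parse_rule(value)
        for role in rule_roles:
            if role.startswith("-"):
                revoked.append(role[1:])      # '-editor' revokes 'editor'
            elif role not in granted:
                granted.append(role)
        if username == "__remove__":
            remove_user = True                # always clobbers the username
        elif username and (clobber_username or not remote_user):
            remote_user = username
    if remove_user:
        remote_user = None
    # Assumption of this sketch: revocations win over grants from other rules.
    return remote_user, [r for r in granted if r not in revoked]

if __name__ == "__main__":
    # Show the outcome for each sample client, starting from REMOTE_USER=alice.
    for ip in ("127.0.0.1", "192.168.0.7", "192.168.0.10", "203.0.113.5"):
        print(ip, apply_grants(RULES, ip, remote_user="alice"))
```

Because the decision rests entirely on REMOTE_ADDR, an application deployed behind a reverse proxy sees the proxy's address for every request, so a rule for 127.0.0.1 or the proxy's subnet applies to all proxied clients.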