On Wed, Oct 15, 2008 at 11:03 AM, Steven <[EMAIL PROTECTED]> wrote:
>
> I'm a newbie trying to get a grasp on what options I have for
> Authentication and Authorization.  From reading the docs and the
> pylonsbook.com I've found 2 options so far:
>
> repoze.who (ported from Zope)
> AuthKit (work in progress? )
>
> Are there others?

Building your own is popular.  I have a login form and a two-mode
authentication that uses LDAP or a database depending on the
username's syntax.  I have several classes called Permsets
("permission sets") with boolean attributes to describe what
permissions a type of user has.

Then I have a require_perm() function that takes the expected
permission name and arguments, and aborts 403 if forbidden.  My base
controller has a .__before__ that does authentication, and controllers
can have a class attribute describing the most lenient permission
common to all the actions.  Then individual actions can do more
restrictive tests; e.g., can the user view or edit a particular
database record?

A companion function has_perm() tells whether something is allowed,
which tells me whether to generate links to restricted pages.

If you want to use Basic Authentication rather than a login form, you
have to look up the proper HTML statuses and headers to trigger it.
That's where repoze.who and AuthKit come in especially handy because
they do all that for you.

-- 
Mike Orr <[EMAIL PROTECTED]>
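
A minimal sketch of the scheme described in the message above, as an added example that is not Mike Orr's code and not part of Pylons. The names Permset, require_perm and has_perm come from the message; Forbidden, Member, Admin, RECORD_SCOPED, dispatch and the record dictionaries are assumptions made for illustration, and authentication is taken as already done.

```python
class Forbidden(Exception):
    """Stand-in (assumption) for the framework's abort(403)."""

class Permset:
    """Deny by default: a permission is granted only where a subclass sets it True."""
    view_record = False
    edit_record = False
    def __init__(self, username=None):
        self.username = username        # the bare Permset() models an anonymous user
    def owns(self, record):
        return record["owner"] == self.username

class Member(Permset):
    view_record = True
    edit_record = True                  # narrowed to the member's own records below

class Admin(Member):
    def owns(self, record):
        return True                     # admins pass every per-record check

RECORD_SCOPED = {"edit_record"}         # permissions that also need a record check

def has_perm(permset, name, record=None):
    """Non-raising check, usable to decide whether to render a restricted link."""
    if getattr(permset, name, False) is not True:   # unknown names and methods: deny
        return False
    if name in RECORD_SCOPED:                       # fail closed when no record given
        return record is not None and permset.owns(record)
    return True

def require_perm(permset, name, record=None):
    if not has_perm(permset, name, record):
        raise Forbidden(name)

class BaseController:
    required_perm = None                # most lenient permission shared by all actions
    def __init__(self, permset):
        self.permset = permset          # result of authentication (assumed done)
    def dispatch(self, action, *args):
        if self.required_perm:          # the check a __before__ hook would enforce
            require_perm(self.permset, self.required_perm)
        return getattr(self, action)(*args)

class RecordController(BaseController):
    required_perm = "view_record"
    def view(self, record):
        return "view %d" % record["id"]
    def edit(self, record):
        require_perm(self.permset, "edit_record", record)   # stricter, per record
        return "edit %d" % record["id"]
```

Because has_perm() and require_perm() share one decision path, a link hidden in a template and a request rejected with 403 can never disagree.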
