On Wed, Oct 15, 2008 at 3:29 PM, Mike Orr <[EMAIL PROTECTED]> wrote: > On Wed, Oct 15, 2008 at 3:22 PM, MilesTogoe <[EMAIL PROTECTED]> wrote: >> >> Mike Orr wrote: >>> On Wed, Oct 15, 2008 at 11:03 AM, Steven <[EMAIL PROTECTED]> wrote: >>> >>>> I'm a newbie trying to get a grasp on what options I have for >>>> Authentication and Authorization. From reading the docs and the >>>> pylonsbook.com I've found 2 options so far: >>>> >>>> repoze.who (ported from Zope) >>>> AuthKit (work in progress? ) >>>> >>>> Are there others? >>>> >>> >>> Building your own is popular. I have a login form and a two-mode >>> authentication that uses LDAP or a database depending on the >>> username's syntax. I have several classes called Permsets >>> ("permission sets") with boolean attributes to describe what >>> permissions a type of user has. >>> >>> Then I have a require_perm() function that takes the expected >>> permission name and arguments, and aborts 403 if forbidden. My base >>> controller has a .__before__ that does authentication, and controllers >>> can have a class attribtute describing the most lenient permission >>> common to all the actions. Then individual actions can do more >>> restrictive tests; e.g., can the user view or edit a particular >>> database record? >>> >>> A companion function has_perm() tells whether something is alllowed, >>> which tells me whether to generate links to restricted pages. >>> >>> If you want to use Basic Authentication rather than a login form, you >>> have to look up the proper HTML statuses and headers to trigger it. >>> That's where repoze.who and AuthKit come in especially handy tcause >>> they do all that for you. >>> >>> >> wondering how this is read between pages - it seems like wsgi middleware >> has a lot to offer here but aside from packages such as beaker, haven't >> seen much write up on it. If you haven't already, this would make a >> good "pylons cookbook" recipe since it's one of those core functions >> that most have to do. > > I haven't used either system so somebody else would have to do this.
Oh, you mean my system? Yeah, I can do this, but I've got a deadline this week so it won't be till later. -- Mike Orr <[EMAIL PROTECTED]> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en -~----------~----~----~----~------~----~------~--~---