On Wed, Oct 15, 2008 at 3:29 PM, Mike Orr <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 15, 2008 at 3:22 PM, MilesTogoe <[EMAIL PROTECTED]> wrote:
>>
>> Mike Orr wrote:
>>> On Wed, Oct 15, 2008 at 11:03 AM, Steven <[EMAIL PROTECTED]> wrote:
>>>
>>>> I'm a newbie trying to get a grasp on what options I have for
>>>> Authentication and Authorization. From reading the docs and the
>>>> pylonsbook.com I've found 2 options so far:
>>>>
>>>> repoze.who (ported from Zope)
>>>> AuthKit (work in progress? )
>>>>
>>>> Are there others?
>>>>
>>>
>>> Building your own is popular. I have a login form and a two-mode
>>> authentication that uses LDAP or a database depending on the
>>> username's syntax. I have several classes called Permsets
>>> ("permission sets") with boolean attributes to describe what
>>> permissions a type of user has.
>>>
>>> Then I have a require_perm() function that takes the expected
>>> permission name and arguments, and aborts 403 if forbidden. My base
>>> controller has a .__before__ that does authentication, and controllers
>>> can have a class attribtute describing the most lenient permission
>>> common to all the actions. Then individual actions can do more
>>> restrictive tests; e.g., can the user view or edit a particular
>>> database record?
>>>
>>> A companion function has_perm() tells whether something is alllowed,
>>> which tells me whether to generate links to restricted pages.
>>>
>>> If you want to use Basic Authentication rather than a login form, you
>>> have to look up the proper HTML statuses and headers to trigger it.
>>> That's where repoze.who and AuthKit come in especially handy tcause
>>> they do all that for you.
>>>
>>>
>> wondering how this is read between pages - it seems like wsgi middleware
>> has a lot to offer here but aside from packages such as beaker, haven't
>> seen much write up on it. If you haven't already, this would make a
>> good "pylons cookbook" recipe since it's one of those core functions
>> that most have to do.
>
> I haven't used either system so somebody else would have to do this.
Oh, you mean my system? Yeah, I can do this, but I've got a deadline
this week so it won't be till later.
--
Mike Orr <[EMAIL PROTECTED]>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to pylons-discuss@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---
