On Mon, Jul 11, 2011 at 3:12 PM, Raoul Snyman <raoul.sny...@gmail.com>wrote:
> I've just spent the better part of the weekend scouring the docs for > some mention or example of how to do auth (both authentication and > authorisation) from the database, and gave up and decided to roll my > own, because I can't see how to do it from the DB. > I can't answer your question as to why there aren't more tutorials. I've recently done what you are now doing, and found this very helpful: https://github.com/mmerickel/pyramid_auth_demo For me, making __acl__ into a property that is therefore in-effect a function call allows me to mix more than one kind of "group" or other credentials. In my case, I have three: 1. I have groups that are basically class-level static permissions, declared in my class definition in an attribute called _class_acls. 2. Then I have some credentials that are stored in my database with the user account object itself, in an attribute called _inst_acls, but could be a column or whatever. 3. and finally I have credentials that are derived at call-time based on things like the users' id. One could go on and on, of course, having a "its_a_tuesday_morning" permission, or "user_id_is_divisible_by_7" or whatever. The __acl__ attribute is really running self._get_acls() which assembles all three types of permission credentials; it was an aha moment for me, and I'm embarrassed that I didn't think of it sooner; I guess reading the docs made me think that there might be something "magical" about __acl__ but it's just an attribute. This trick can also be extended to objects that need authorization, as in the link I pasted. These two "dymanic" tricks make the standard traversal and acl stuff super powerful. I'm using ZODB, but the principle is the same. Once you think about __acl__ as something that can be callable, you can literally do anything. I hope this helps, but really, Michael Merickel is the one to thank for the example. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.