A while back I was working on a complete Pyramid + pyramid_sqla demo to show how you can use authorization with a SQLite database and SQLAlchemy. I just reworked it to use Pyramid + Akhet and it seems to run fine, although there are likely a lot of little inconsistencies or issues to be found here:
http://pyramid.chromaticleaves.com/simpleauth/ If anyone has time to glance through it or go along with it and create the demo, let me know how it works for you and if you find it useful as a standalone project demonstration. If it seems to be what people are looking for I can clean it up and make a recipe out of it. If not, let me know how it could be more useful and I'll do what I can. On Mon, Jul 11, 2011 at 4:15 PM, Matt Feifarek <matt.feifa...@gmail.com>wrote: > On Mon, Jul 11, 2011 at 3:12 PM, Raoul Snyman <raoul.sny...@gmail.com>wrote: > >> I've just spent the better part of the weekend scouring the docs for >> some mention or example of how to do auth (both authentication and >> authorisation) from the database, and gave up and decided to roll my >> own, because I can't see how to do it from the DB. >> > > I can't answer your question as to why there aren't more tutorials. I've > recently done what you are now doing, and found this very helpful: > https://github.com/mmerickel/pyramid_auth_demo > > For me, making __acl__ into a property that is therefore in-effect a > function call allows me to mix more than one kind of "group" or other > credentials. In my case, I have three: > > 1. I have groups that are basically class-level static permissions, > declared in my class definition in an attribute called _class_acls. > > 2. Then I have some credentials that are stored in my database with the > user account object itself, in an attribute called _inst_acls, but could be > a column or whatever. > > 3. and finally I have credentials that are derived at call-time based on > things like the users' id. One could go on and on, of course, having a > "its_a_tuesday_morning" permission, or "user_id_is_divisible_by_7" or > whatever. > > The __acl__ attribute is really running self._get_acls() which assembles > all three types of permission credentials; it was an aha moment for me, and > I'm embarrassed that I didn't think of it sooner; I guess reading the docs > made me think that there might be something "magical" about __acl__ but it's > just an attribute. > > This trick can also be extended to objects that need authorization, as in > the link I pasted. These two "dymanic" tricks make the standard traversal > and acl stuff super powerful. I'm using ZODB, but the principle is the same. > Once you think about __acl__ as something that can be callable, you can > literally do anything. > > I hope this helps, but really, Michael Merickel is the one to thank for the > example. > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To post to this group, send email to pylons-discuss@googlegroups.com. > To unsubscribe from this group, send email to > pylons-discuss+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/pylons-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to pylons-discuss@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
