Re: Separate access for internal and external users?

2007-02-06 Thread Cezary Statkiewicz

On Tuesday 06 February 2007 02:06, Chris Shenton wrote:
 
 Shannon -jj Behrens [EMAIL PROTECTED] writes:
 
  I think you're on the right path.  It sounds like you're having a hard
  time figuring out what you should do than figuring out how to do it.
  If I had to implement different access controls based on different
  URLs, I'd probably just do it in base.py :-/  My biggest question is
  how do you know if someone is internal?
 
 I tried a bit but couldn't get sub paths working and ended up using
 AuthKit's form-based auth, and putting auth checks in my private
 controllers __init__ method.  So internal users (well, our folks) get
 a login screen and a menu wrapping the content via autohandler, and
 outside folks see no auth screen and no menu. Seems to work but some
 of my colleagues are worried about how secure AuthKit really is.

 It will be safe if you check the client's IP. First of all:

 http://routes.groovie.org/manual.html#conditions

 The client's IP is reachable through the environ['REMOTE_ADDR'] key, so you
 can add a function condition to routes and access to controller clients from
 inside/outside.

# routing.py: define the condition function before the route that uses it
def check_ip_int(environ, match_dict):
    if environ['REMOTE_ADDR'] == '127.0.0.1':
        return True  # allow only local ip
    return False  # everyone else will be rejected

m.connect('private', '/private/:controller/:action/:id',
          conditions=dict(function=check_ip_int))


 Another way: add a BaseController.__before__ method, where you check the IP.
 The environment is available via the environ keyword in params. Then you can
 add some property to the inherited controller or its method for
 distinction between the 'public'/'internal' parts of your app, and check it
 in __before__.



class BaseController(WSGIController):
    # default for controllers that do not set the flag themselves
    private = False

    def __before__(self, action, **kwds):
        remote_addr = kwds['environ']['REMOTE_ADDR']
        if self.private:
            if remote_addr == '127.0.0.1':
                # very local client - allow him to execute the action
                return
            else:
                return redirect_to('/somewhere/else')


...

class SomeController(BaseController):
    def __init__(self):
        BaseController.__init__(self)
        self.private = True  # mark this controller as internal-only


You can mix both ways.

 Best regards,

 Cezary Statkiewicz

-- 
Cezary Statkiewicz - http://thelirium.net 
   rlu#280280   gg#5223219
jabber://[EMAIL PROTECTED]

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
pylons-discuss group.
To post to this group, send email to pylons-discuss@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en
-~--~~~~--~~--~--~---
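
A stricter form of the check_ip_int condition from the message above, added here as an example and not part of the original post. Comparing REMOTE_ADDR with 127.0.0.1 treats every request as internal once the application runs behind a reverse proxy on the same host, so this version only reads X-Forwarded-For when the peer is a listed proxy. The network ranges, the trusted-proxy list and the names naive_check and client_ip are assumptions.

```python
import ipaddress

# Assumed deployment values (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16")]
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]


def naive_check(environ, match_dict=None):
    """The comparison from the post, kept for contrast."""
    return environ.get("REMOTE_ADDR") == "127.0.0.1"


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def client_ip(environ):
    """Return the address to authorize, or None if it cannot be parsed."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return None
    if not _in_any(peer, TRUSTED_PROXIES):
        return peer  # direct connection: X-Forwarded-For is client-controlled
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    # Walk right to left: the rightmost entries were appended by our proxies,
    # so the first hop that is not a trusted proxy is the real client.
    for hop in reversed([h for h in hops if h]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr
    return peer  # no forwarded client: a request made on the proxy host itself


def check_ip_int(environ, match_dict=None):
    """Routes-style condition: True only for clients on an internal network."""
    addr = client_ip(environ)
    return addr is not None and _in_any(addr, INTERNAL_NETS)
```
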



Re: Paste deprecation

2007-02-06 Thread Ben Bangert

On Feb 6, 2007, at 8:21 AM, Mike Orr wrote:

 I don't mind the warnings, though I may switch them off (er, where, in
 the base controller?)  I just wanted to make sure they don't get
 forgotten.  My prototype is due in mid March; the final around April
 or May.  Will Pylons have another release by then?  What's the
 plan/schedule for 0.9.5 and 1.0?

We're hoping to have 0.9.5 ready for PyCon, its main focus at this  
point ticket-wise is i18n, unicode, and some documentation. I believe  
there's a wiki page up with the 1.0 plans, not entirely sure on the  
schedule yet though. :)

Cheers,
Ben




Re: popup window feedback to main window

2007-02-06 Thread Sean Davis
On 2/5/07, Shannon -jj Behrens [EMAIL PROTECTED] wrote:


 On 2/3/07, Sean Davis [EMAIL PROTECTED] wrote:
  I have a single page for creating/editing an object with foreign keys to
  several other smaller tables.  When the user is working on the main page, I
  would like to let him/her have the option of creating a new one of the
  smaller objects.  One way to do that is in-line, supplying the fields for
  a new referenced object.  However, the way that I have seen that I like is
  to allow a popup window that allows creation of the new object that, upon
  saving, updates a select box or option box on the original page.  Any
  suggestions on links that show how to do this?  Or, tell me that there is
  another way that is better.

 I noticed that you're using GMail, and GMail does something like this.
 Click on More actions...  New label...


Thanks, jj.  I ended up finding exactly what I was looking for on a
javascript forum.  It was the opener object.

http://www.webdeveloper.com/forum/showthread.php?t=131327&highlight=parent+window

Sean




Re: How to build/use an egg with lots of lib/* command utils?

2007-02-06 Thread Mike Orr

On 2/5/07, David Smith [EMAIL PROTECTED] wrote:
 Hi Chris,

 You said that your command line programs are using the same
 SQLAlchemy tables etc as your web-app, I'd like to know how
 you're handling configuration.

 I ask because Ian Bicking and I are still formulating the ideas
 for how to handle scripts bundled with web-apps (for the same
 purpose, things to run from cron and whatnot) and manually
 parsing the pastedeploy config file with your own configparser
 is less than ideal, as is putting all of your configuration in
 the [app:main] section and copy-pasting boilerplate
 paste.deploy related source-code to get it to read that section
 the standard way.

 From an application developer's perspective, I'd ideally like
 to be able to write a config file that looks something like

 [DEFAULT]
 sqlalchemy.dburi = whatever
 log_settings = whatever

 [app:main]
 use = egg:whatever
 .. web-app related settings ..

 [script:do_something]
 use = app:main
 ... do_something script related settings ..

 then in my do_something script, import paste deploy and let it
 figure out my configuration which would get passed to my
 class's main or __init__ as app_conf, global_conf, which paste
 would know to override with whatever was given on the
 command-line. The command-line argument to config-file argument
 mapping scheme could be something simple like convert all
 underbars to hyphens so that log_file becomes --log-file.
 And finally, a function to kickstart the script could be
 written separately or whatever and listed in the setup.py as a
 standard setuptools console_scripts entry point.

 What do you think?

I was about to ask the same thing.  I normally have a bin/ directory
in my applications for command-line administrative tasks.  I do NOT
want these merged into the global bin/ directory; I want them to stay
with the application.  Either because they've been copied from another
application and slightly modified but still have the same name, or
because they're ad hoc or temporary.  And also so I don't have to
remember, "What's this 'foo' and which application does it belong to?"
I haven't figured out how to do that with eggs; just register them as
extra files?  I do have a .pth in the global site-packages pointing
to the app's lib directory.  Sometimes a site-wide program requires
access to every application's libraries and config (e.g., to do a
backup or logging reports).

Not sure what setuptools console_scripts entry point is.  Is that a
setup.py command?  I could use setup.py commands for my utilities, but
there are likely to be a lot of them and some will be ad hoc, not
something you'd want to link to setup.py if you don't have to.  Plus,
if you really install the egg properly (which I'm only half convinced
is worthwhile), there will be no setup.py on the server.

-- 
Mike Orr [EMAIL PROTECTED]




Re: HelloDatabase example?

2007-02-06 Thread Mike Orr

On 2/6/07, Steve Bergman [EMAIL PROTECTED] wrote:

 Hi guys,

 I'm brand new to Pylons, coming from TurboGears.

 In TG it is drop dead simple to get the model defined, the database
 tables auto-generated, and to the point that I'm ready to start
 writing controllers and templates.

 You just:

 1. $ tg-admin quickstart hellodatabase

 2. Define the model in models.py

 3. tg-admin sql create

 and you're ready to start coding.

 I've done the QuickWiki tutorial.  And based upon that it seems that
 in Pylons there is more involved in getting to that point.  Config
 files to edit, etc.  Even defining the database URI in two separate
 places.

 That's not the end of the world, of course.  But I would be interested
 to know just what is the simplest way to get a quick and dirty project
 started.

I'm just figuring this out now.  The absolute minimum, assuming you
have an existing MySQL database like I do, is:

=
# development.ini
sqlalchemy.dburi = mysql://USER:[EMAIL PROTECTED]/DB?use_unicode=1
sqlalchemy.echo = true

# A controller method
def simple_query(self):
    from pylons.database import create_engine
    engine = create_engine()  # engine built from sqlalchemy.dburi in the config
    sql = "SELECT name FROM Incident ORDER BY activity_date DESC LIMIT 1"
    data = list(engine.execute(sql))
    if data:
        name = data[0][0]
        # name is inserted into the HTML as-is; escape it if it can contain markup
        return Response('Newest incident is <strong>%s</strong>.' % name)
    else:
        return Response("No incidents found.")
=

Going beyond this, you'd have to set up a model and put
database-creation commands in My_APP/websetup.py.  The best info for
setting this up seems to be this mail message:

http://groups.google.com/group/pylons-discuss/msg/f424e9f51f7e3627

which is linked in the Using SQLAlchemy with Pylons wiki page:

http://pylonshq.com/project/pylonshq/wiki/SqlAlchemyWithPylons

Note that the wiki page is out of date.  I've never seen dsn or
echo_queries config vars, so they must come from an earlier version
of Pylons.

The most useful functions in pylons.database are documented here:
http://pylonshq.com/docs/0.9.4/module-pylons.database.html#make_session

engine = create_engine()
gets you an engine connection based on the config file.

db_session = make_session()
creates a SQLAlchemy session to access the ORM features.

QuickWiki puts the DB session in a 'self' attribute in the base
controller, if I remember right.

What do you mean about putting the database URI in two separate
places?  Where's the other place?

-- 
Mike Orr [EMAIL PROTECTED]




Re: HelloDatabase example?

2007-02-06 Thread Mike Orr

By the way, I found what appears to be a contradiction in the
SQLAlchemy docs.  I had to use use_unicode=1&charset=utf8 in my
query string to get SQLAlchemy to accept it, which agrees with the
MySQL notes on the SQLAlchemy wiki:
http://www.sqlalchemy.org/trac/wiki/DatabaseNotes

But the SQLAlchemy manual lists different options (convert_unicode
and encoding):
http://www.sqlalchemy.org/docs/dbengine.myt#dbengine

I'm not sure of the difference between the two or how you'd specify
the second set of options in the config file.

Another thing to watch out for is MySQL has one encoding for the
database (or table or column), and another for the client connection.
If the two differ MySQL converts values between them.  I assume that
means you can set the encoding to anything in Pylons, and it will set
both the MySQL client encoding and the Unicode decode encoding.

I make it easy on myself and just use utf-8 everywhere, both for the
database and for HTML output.  The only time I use a different
encoding is when parsing an external file, which may come in macroman
or windows-1252.

-- 
Mike Orr [EMAIL PROTECTED]




Re: Request: tutorial for ToscaWidgets :)

2007-02-06 Thread Alberto Valverde


On Feb 5, 2007, at 6:32 PM, Damjan wrote:


 I've created this Genshi markup for a project of mine
 http://groups.google.com/group/pylons-discuss/web/edit.html ... now I
 have this tagging widget there that works with Mochikit. It shows the
 tags associated with a page, and allows for AJAX adding and removing
 of the tags (with all the bells and whistles).

 So the input to the widget is, the initial taglist, addtag and
 removetag URL's and a url for the activity indicator.

It would be nice if those parameters could be passed to a constructor
in a single js call, that would make wrapping it in a TW quite easy
and it would allow having multiple taggers in the same page.


 Now I think it would be great if this was a ToscaWidget, that I could
 reuse in other pages.. but I don't know anything about ToscaWidgets
 (yet) ... so maybe if someone can create a ToscaWidget of this example
 it would be an interesting and helpful tutorial?

Indeed :) I'm having the same problem as David mentioned, quite a few
widgets made for projects but none simple, yet interesting enough
ones to use as examples (well, apart from all the crappy late-hour
rushes which I'm too embarrassed to share ;). I'm pretty short of time
lately but if you could rearrange the js to be initialized with a
single call I'll try to provide a widget with commented code soon.

Thanks,
Alberto






Routes doesn't protect '/' in generate() arguments, breaks matching later

2007-02-06 Thread Chris Shenton

I've got a route defined in routing.py like:

  m.connect('kb/:fac/:sev/:expires/:checksum/*text', controller='kb',
            action='search')

In a command line tool, I import routes and routing to get the map
then use generate to construct a URL:

  kb_url = conf.URL_BASE + m.generate('kb', 'search',
                                      fac=facility, sev=severity,
                                      expires=expire,
                                      checksum=checksum, text=message)

This matches, most of the time, and most special characters are URL
encoded.  But if one of the generate() parameters contains slashes,
the slashes aren't encoded; below, facility=FastEnet-10/100/e0a and
severity=error: 

  
http://example.com/kb/FastEnet-10/100/e0a/error/42/666/duplicate+IP+address+192.168.1.98%21%21+sent+from+ethernet+address%3A+00%3Aa0%3A98%3A00%3A78%3A3d

The slashes in the URL cause the route match to fail.

Is this a bug in the URL encoding that routes is doing?

If not, how should I encode them so that subsequent routes encoding
doesn't break decoding by apache and pylons-routes?

Thanks.




Re: Routes doesn't protect '/' in generate() arguments, breaks matching later

2007-02-06 Thread Ian Bicking

Chris Shenton wrote:
 I've got a route defined in routing.py like:
 
   m.connect('kb/:fac/:sev/:expires/:checksum/*text', controller='kb',
             action='search')
 
 In a command line tool, I import routes and routing to get the map
 then use generate to construct a URL:
 
   kb_url = conf.URL_BASE + m.generate('kb', 'search',
                                       fac=facility, sev=severity,
                                       expires=expire,
                                       checksum=checksum, text=message)
 
 This matches, most of the time, and most special characters are URL
 encoded.  But if one of the generate() parameters contains slashes,
 the slashes aren't encoded; below, facility=FastEnet-10/100/e0a and
 severity=error: 
 
   
 http://example.com/kb/FastEnet-10/100/e0a/error/42/666/duplicate+IP+address+192.168.1.98%21%21+sent+from+ethernet+address%3A+00%3Aa0%3A98%3A00%3A78%3A3d
 
 The slashes in the URL cause the route match to fail.
 
 Is this a bug in the URL encoding that routes is doing?
 
 If not, how should I encode them so that subsequent routes encoding
 doesn't break decoding by apache and pylons-routes?

FWIW, there will be no way for Routes to distinguish an incoming request 
for FastEnet-10/100 from FastEnet-10%2f100 -- WSGI/CGI dictates that the 
path is decoded before it is sent to Routes, so the two end up the same.

Generally it seems like Routes should just reject such a substitution.

-- 
Ian Bicking | [EMAIL PROTECTED] | http://blog.ianbicking.org
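
The decoding behaviour described in the reply above, as an added example that is not part of the original thread and does not use Routes itself. A regular expression stands in for the route, unquote() stands in for the server decoding the path before the application sees it, and checked_generate shows the "reject such a substitution" approach; all function names are assumptions. In this stand-in the decoded path still matches, but with the variables shifted onto the wrong values.

```python
import re
from urllib.parse import quote, unquote

# Stand-in for 'kb/:fac/:sev/:expires/:checksum/*text': each :var matches
# exactly one path segment, *text matches the remainder.
ROUTE = re.compile(r"^/kb/(?P<fac>[^/]+)/(?P<sev>[^/]+)/(?P<expires>[^/]+)"
                   r"/(?P<checksum>[^/]+)/(?P<text>.*)$")
SEGMENT_VARS = ("fac", "sev", "expires", "checksum")


def generate(encode_slash, **kw):
    """Build the URL path; encode_slash decides whether '/' becomes %2F."""
    safe = "" if encode_slash else "/"
    parts = [quote(str(kw[k]), safe=safe) for k in SEGMENT_VARS]
    parts.append(quote(str(kw["text"]), safe="/"))
    return "/kb/" + "/".join(parts)


def server_match(url_path):
    """What the application sees: the path is decoded before matching."""
    m = ROUTE.match(unquote(url_path))
    return m.groupdict() if m else None


def checked_generate(**kw):
    """Refuse a '/' in a single-segment variable rather than emit an
    ambiguous URL that cannot be mapped back to the same values."""
    for k in SEGMENT_VARS:
        if "/" in str(kw[k]):
            raise ValueError("%s=%r contains '/' and cannot fit one segment"
                             % (k, kw[k]))
    return generate(True, **kw)


# Constructed sample values modelled on the ones in the thread.
SAMPLE = dict(fac="FastEnet-10/100/e0a", sev="error", expires=42,
              checksum=666, text="duplicate IP")
```
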
