I like this.

I think groups are useful for organizational purposes on larger scale
apps, but roles is a better conceptual idea for permission assignment
and requirement.

I actually like Zope's User, Group and Role 3-way system, complicated
though it is.  It's great for large-scale systems like Zope is intended
to be.

I think for TG, though, groups can come later, if there is a need.  KISS
right? :-)

Krys

Lethalman wrote:

>I've seen how multiauth works.
>I suggest this auth model for turbogears:
>
>MODEL
>
>class AuthRole:
>  name = StringCol(alternateID=True)
>  inherit = RelatedJoin("AuthRole") # Is it possible?
>  users = RelatedJoin("AuthUser")
>
>class AuthUser:
>  username = StringCol(alternateID=True)
>  password = StringCol()
>  roles = RelatedJoin("AuthRole")
>  # Functions to get/save encrypted passwords
>
>CONTROLLER
>
>class Root:
>  admin = Admin(['admin'])
>
>  @turbogears.expose()
>  def index(self): ...
>
>  @turbogears.expose(secure=['user.vote_polls'])
>  def vote(self): ...
>
>class Admin:
>  @turbogears.expose()
>  def index(self): ...
>
>  @turbogears.expose(secure=['admin.view_polls'])
>  def view_polls(self): ...
>
>  @turbogears.secure(secure=['admin.edit_polls'])
>  @turbogears.expose()
>  def edit_polls(self): ...
>
>  @turbogears.secure(secure=['admin.del_polls'])
>  @turbogears.expose()
>  def del_polls(self): ...
>
>Ok we have the following roles (-> means inherit):
>user
>user.vote_polls -> user
>user.all -> user, user.vote_polls
>admin -> user.all
>admin.view_polls -> admin
>admin.edit_polls -> admin.view_polls
>admin.del_polls -> admin.view_polls
>admin.super -> admin, admin.view_polls, admin.del_polls
>
>And we have these users with relative roles:
>A - user
>B - user.all
>C - admin
>D - admin, admin.del_polls
>E - admin.super
>
>Ok, roles are recursively inherited and fetched in a single list even
>if there're duplicates.
>
>These are the access for each user:
>A -> Root.index
>B -> All Root
>C -> Admin.index
>D -> Admin.index, Admin.view_polls, Admin.del_polls
>E -> All Admin
>
>What about it? I think (contrary to my former mail) groups are not useful.
>
>--
>www.italianpug.org - Italian Python User Group Founder
>
>  
>
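
The recursive role inheritance proposed in the quoted mail, worked through as an added example (not code from either poster or from TurboGears). The role graph and user assignments are copied from the mail; `REQUIRES`, `effective_roles`, `allowed` and `access_table` are hypothetical names, and treating a method's combined role list as "all required" is an assumption the mail does not settle.

```python
# Role graph and user assignments copied from the quoted post ("->" = inherits).
INHERITS = {
    "user": [],
    "user.vote_polls": ["user"],
    "user.all": ["user", "user.vote_polls"],
    "admin": ["user.all"],
    "admin.view_polls": ["admin"],
    "admin.edit_polls": ["admin.view_polls"],
    "admin.del_polls": ["admin.view_polls"],
    "admin.super": ["admin", "admin.view_polls", "admin.del_polls"],
}
USERS = {
    "A": ["user"], "B": ["user.all"], "C": ["admin"],
    "D": ["admin", "admin.del_polls"], "E": ["admin.super"],
}
# Roles each method requires: the controller-level list (Admin(['admin']))
# plus the method's own secure=[...] list. Requiring all of them is an
# assumption; the post does not define how the lists combine.
REQUIRES = {
    "Root.index": [],
    "Root.vote": ["user.vote_polls"],
    "Admin.index": ["admin"],
    "Admin.view_polls": ["admin", "admin.view_polls"],
    "Admin.edit_polls": ["admin", "admin.edit_polls"],
    "Admin.del_polls": ["admin", "admin.del_polls"],
}

def effective_roles(assigned, inherits=INHERITS):
    """Expand assigned roles through inheritance; tolerate cycles and duplicates."""
    seen, stack = set(), list(assigned)
    while stack:
        role = stack.pop()
        if role in seen:
            continue  # duplicate or cycle: already expanded
        if role not in inherits:
            raise KeyError(f"unknown role: {role}")  # fail closed on typos
        seen.add(role)
        stack.extend(inherits[role])
    return seen

def allowed(user, method):
    """Deny unless every required role is in the user's expanded role set."""
    return set(REQUIRES[method]) <= effective_roles(USERS[user])

def access_table():
    """Map each user to the sorted list of methods they may call."""
    return {u: sorted(m for m in REQUIRES if allowed(u, m)) for u in USERS}

if __name__ == "__main__":
    for user, methods in access_table().items():
        print(user, "->", ", ".join(methods))
```

With the role list exactly as posted, E is denied `Admin.edit_polls`, because `admin.super` does not list `admin.edit_polls` among the roles it inherits. Generating the table from the graph is a quick way to confirm that an inheritance scheme grants what was intended.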
