This one time, at band camp, askel wrote: > >Bilboon wrote: > >> Is there a simple way to protect methods of controllers using permission ? > >There is always more than one way, despite Python's manifesto :) > >You can use AuthKit. Search for AuthKit in this group's archives for >more information. >I personally didn't like that it depends on extra libraries so I went >another way. >I developed tiny module that includes one decorator and a very simple >middleware. >I can protect "actions" this way: >... >@permissions(users=['god'], roles=['admin', 'manager']) >def index(self): > ... > >All this decorator does is check whether > >a) user is authenticated by checking special session variables and if >that is not the case it sends redirect to login url (simply injected by >middleware into environment) > >b) user name and roles match "action" permissions otherwise 403 is >returned to user > >I can post this module somewhere if you are interested.
I'm interested ;-) I liked that AuthKit tried to be an extensible middleware, but it hasn't gotten there yet because as you say it depends on libraries that I'd prefer not to use. Ben and James are working on a new version, as they've mentioned in the archives. I like your approach too; a library that just provided a middleware and a protection scheme with a facility to register a callback is minimal enough to allow someone to use their existing user data, or use something other than a SQL backend (say, integrating with ones LDAP directory, for example). So, please post your code ;-) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/pylons-discuss -~----------~----~----~----~------~----~------~--~---
