Thanks for your reply.
After going through the tutorials for AuthKit and for repoze.who, I
ended up taking your advice and building my own simple login for basic
login and authorization.
Thanks for the response!
Steven
On Oct 15, 3:30 pm, "Mike Orr" <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 15, 2008 at 3:29 PM, Mike Orr <[EMAIL PROTECTED]> wrote:
> > On Wed, Oct 15, 2008 at 3:22 PM, MilesTogoe <[EMAIL PROTECTED]> wrote:
>
> >> Mike Orr wrote:
> >>> On Wed, Oct 15, 2008 at 11:03 AM, Steven <[EMAIL PROTECTED]> wrote:
>
> >>>> I'm a newbie trying to get a grasp on what options I have for
> >>>> Authentication and Authorization. From reading the docs and the
> >>>> pylonsbook.com I've found 2 options so far:
>
> >>>> repoze.who (ported from Zope)
> >>>> AuthKit (work in progress? )
>
> >>>> Are there others?
>
> >>> Building your own is popular. I have a login form and a two-mode
> >>> authentication that uses LDAP or a database depending on the
> >>> username's syntax. I have several classes called Permsets
> >>> ("permission sets") with boolean attributes to describe what
> >>> permissions a type of user has.
>
> >>> Then I have a require_perm() function that takes the expected
> >>> permission name and arguments, and aborts 403 if forbidden. My base
> >>> controller has a .__before__ that does authentication, and controllers
> >>> can have a class attribtute describing the most lenient permission
> >>> common to all the actions. Then individual actions can do more
> >>> restrictive tests; e.g., can the user view or edit a particular
> >>> database record?
>
> >>> A companion function has_perm() tells whether something is alllowed,
> >>> which tells me whether to generate links to restricted pages.
>
> >>> If you want to use Basic Authentication rather than a login form, you
> >>> have to look up the proper HTML statuses and headers to trigger it.
> >>> That's where repoze.who and AuthKit come in especially handy tcause
> >>> they do all that for you.
>
> >> wondering how this is read between pages - it seems like wsgi middleware
> >> has a lot to offer here but aside from packages such as beaker, haven't
> >> seen much write up on it. If you haven't already, this would make a
> >> good "pylons cookbook" recipe since it's one of those core functions
> >> that most have to do.
>
> > I haven't used either system so somebody else would have to do this.
>
> Oh, you mean my system? Yeah, I can do this, but I've got a deadline
> this week so it won't be till later.
>
> --
> Mike Orr <[EMAIL PROTECTED]>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---
