"Vlad K." <[email protected]> writes:

> First of all, I don't quite understand the kw params of the remember()
> function. If those params are app specific, where can they be "read"
> and used after remembering?

I use it like this:

    headers = remember(request, user.id)
    return HTTPFound(location=resource_url(somecontext, request),
                     headers=headers)

> Furthermore, is the groupfinder callback really needed? Can't all the
> relevant user data (say userid, and group principals) be set via the
> signed cookie? In other words, how can I prevent (db storage) lookup
> upon each request and rely only on the data in the ticket cookie?
> After all, the userid and group is usually (at least in my case) set
> upon login and does not have to be looked up for existence upon each
> request.

For my app, a user can have many different "roles" (or groups in this
case) so I use the groupfinder callback to, essentially, look up all of
the roles relevant to a given user.

A function in my user model module:

    def role_filter(user_id, request):
        """Groupfinder callback for AuthTktAuthenticationPolicy.

        Returns the list of 'group:<name>' principals for the user id
        carried in the ticket, or None if no such user exists (Pyramid
        then treats the request as unauthenticated).
        """
        session = DBSession()

        user = session.query(User).filter(User.id == user_id).first()

        if user:
            return [('group:%s' % role.name) for role in user.rolez]
        else:
            return None

Then inside __init__.py when configuring the Configurator:

    config = Configurator(settings=settings,
                          root_factory=get_root,
                          session_factory=session_factory_from_settings(settings),
                          authentication_policy=AuthTktAuthenticationPolicy(
                              'somesecritkey',
                              timeout=1800,
                              reissue_time=180,
                              callback=role_filter),
                          authorization_policy=ACLAuthorizationPolicy())

Then in my resources.py module I define the acls with the resources, the
login resource (clipped for brevity) for example:

    class LoginResource(object):
        """A resource for login."""
        
        __acl__ = [(Deny, Authenticated, ALL_PERMISSIONS),
                   (Allow, Everyone, ('read', 'write'))]

Or you can (Allow, 'group:writer', ('read', 'write')) on some other
resource assuming one of the user's groups is "writer".

Hope that helps (btw, if anyone has a way that is better than mine,
please speak up!).

-- 
Parnell "ixmatus" Springmeyer (http://ixmat.us)
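As an added, stand-alone illustration (my own example, not code from the post and not Pyramid's implementation) of how the groupfinder callback's return value feeds the request's effective principals and how an ACL like the LoginResource one above is evaluated first-match-wins: the `USERS` table, `effective_principals()` and `permits()` are assumptions that mimic Pyramid's documented behaviour so the ACL ordering can be checked without a running server.

```python
# Added example: a minimal model of AuthTkt callback + ACL evaluation.
# Not the project's code; it mirrors Pyramid semantics so ACLs can be unit-tested.
Everyone = "system.Everyone"
Authenticated = "system.Authenticated"
Allow, Deny = "Allow", "Deny"
ALL_PERMISSIONS = object()  # sentinel that matches any permission

# Constructed stand-in for the user/role table that role_filter queries.
USERS = {7: ["writer", "editor"], 8: []}


def role_filter(user_id, request=None):
    """Groupfinder callback: unknown userid -> None (ticket treated as invalid)."""
    roles = USERS.get(user_id)
    if roles is None:
        return None
    return ["group:%s" % r for r in roles]


def effective_principals(userid, callback):
    """Everyone always; Authenticated + userid + groups only if callback accepts."""
    principals = [Everyone]
    if userid is None:
        return principals
    groups = callback(userid)
    if groups is None:  # callback rejected the userid carried in the ticket
        return principals
    return principals + [Authenticated, userid] + groups


def permits(acl, principals, permission):
    """First ACE whose principal matches and whose perms cover the permission wins."""
    for action, principal, perms in acl:
        if principal not in principals:
            continue
        if isinstance(perms, str):
            perms = (perms,)
        if perms is ALL_PERMISSIONS or permission in perms:
            return action == Allow
    return False  # no matching ACE: implicit deny


LOGIN_ACL = [(Deny, Authenticated, ALL_PERMISSIONS),
             (Allow, Everyone, ("read", "write"))]
ARTICLE_ACL = [(Allow, "group:writer", ("read", "write")),
               (Allow, Everyone, ("read",))]
```

Because the Deny ACE comes first, a logged-in user is refused on the login resource even though Everyone is allowed below it; swapping the two ACEs would silently let authenticated users through.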
