On Mon, 2011-07-11 at 18:26 -0700, Eric Rasmussen wrote: > A while back I was working on a complete Pyramid + pyramid_sqla demo > to show how you can use authorization with a SQLite database and > SQLAlchemy. I just reworked it to use Pyramid + Akhet and it seems to > run fine, although there are likely a lot of little inconsistencies or > issues to be found here: > > http://pyramid.chromaticleaves.com/simpleauth/ > > If anyone has time to glance through it or go along with it and create > the demo, let me know how it works for you and if you find it useful > as a standalone project demonstration. If it seems to be what people > are looking for I can clean it up and make a recipe out of it. If not, > let me know how it could be more useful and I'll do what I can.
This looks great! I added a link to it in the Pyramid cookbook (it will be visible on the next renedering). Hope that's OK. > > On Mon, Jul 11, 2011 at 4:15 PM, Matt Feifarek > <[email protected]> wrote: > On Mon, Jul 11, 2011 at 3:12 PM, Raoul Snyman > <[email protected]> wrote: > I've just spent the better part of the weekend > scouring the docs for > some mention or example of how to do auth (both > authentication and > authorisation) from the database, and gave up and > decided to roll my > own, because I can't see how to do it from the DB. > > > I can't answer your question as to why there aren't more > tutorials. I've recently done what you are now doing, and > found this very helpful: > https://github.com/mmerickel/pyramid_auth_demo > > > For me, making __acl__ into a property that is therefore > in-effect a function call allows me to mix more than one kind > of "group" or other credentials. In my case, I have three: > > > 1. I have groups that are basically class-level static > permissions, declared in my class definition in an attribute > called _class_acls. > > > 2. Then I have some credentials that are stored in my database > with the user account object itself, in an attribute called > _inst_acls, but could be a column or whatever. > > > 3. and finally I have credentials that are derived at > call-time based on things like the users' id. One could go on > and on, of course, having a "its_a_tuesday_morning" > permission, or "user_id_is_divisible_by_7" or whatever. > > > The __acl__ attribute is really running self._get_acls() which > assembles all three types of permission credentials; it was an > aha moment for me, and I'm embarrassed that I didn't think of > it sooner; I guess reading the docs made me think that there > might be something "magical" about __acl__ but it's just an > attribute. > > > This trick can also be extended to objects that need > authorization, as in the link I pasted. These two "dymanic" > tricks make the standard traversal and acl stuff super > powerful. I'm using ZODB, but the principle is the same. Once > you think about __acl__ as something that can be callable, you > can literally do anything. > > > I hope this helps, but really, Michael Merickel is the one to > thank for the example. > > > > -- > You received this message because you are subscribed to the > Google Groups "pylons-discuss" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to pylons-discuss > [email protected]. > For more options, visit this group at > http://groups.google.com/group/pylons-discuss?hl=en. > > > > > -- > You received this message because you are subscribed to the Google > Groups "pylons-discuss" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to pylons-discuss > [email protected]. > For more options, visit this group at > http://groups.google.com/group/pylons-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
