It's not just the problem of hardcoded groups. Default authn
implementation with AuthTkt uses a groupfind callback which effectively
defines the group per request, and that would be the "right" place to
pull data from db (based on authenticated_userid).

Not being happy with it, I rolled my own session-based authentication
policy. I see Pyramid 1.1 has one built in. At any rate, upon login I
set custom vars like _groups into session, and my Authn policy reads
that. Here's my SessionBasedAuthenticationPolicy:

    from pyramid.security import Authenticated, Everyone


    class SessionBasedAuthenticationPolicy(object):
        def authenticated_userid(self, request):
            return request.session.get("_auth", None)

        def unauthenticated_userid(self, request):
            return self.authenticated_userid(request)

        def effective_principals(self, request):
            ep = [Everyone]
            userid = request.session.get("_auth", None)
            if userid:
                ep.append(Authenticated)
                ep.append(userid)
                # Default to no groups if the key is missing from the session.
                ep.extend(request.session.get("_auth_groups", []))
            return ep

        def remember(self, request, principal, **kw):
            request.session["_auth"] = principal
            # Groups are optional; store them as "group:<name>" principals.
            request.session["_auth_groups"] = [
                "group:" + i for i in kw.get("groups", [])
            ]
            return []

        def forget(self, request):
            # pop() avoids a KeyError when no user is logged in.
            request.session.pop("_auth", None)
            request.session.pop("_auth_groups", None)
            return []

and upon login I do

    remember(request, user_id, groups=["user", "blah"])

.oO V Oo.
On 07/11/2011 10:12 PM, Raoul Snyman wrote:
I've just spent the better part of the weekend scouring the docs for
some mention or example of how to do auth (both authentication and
authorisation) from the database, and gave up and decided to roll my
own, because I can't see how to do it from the DB.

Which leads me to a question: Why is this so common? Every tutorial
I've seen on auth only shows hard-coded groups and permissions, none
deal with pulling stuff out of the database. Some don't even bother
with dynamic users. I'd bet that 90% of auth implementations use the
db, so I'm mystified why I never see an example of it.

Not to moan at you guys, I love Pyramid, but it's a deficiency I see
in the documentation, and not only in Pyramid.
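
The per-request group callback mentioned at the top of the thread, applied to the database question, as an added example that is not code from either poster or from Pyramid. The table names, sample rows and make_groupfinder are assumptions constructed for illustration, and the Pyramid wiring appears only as a comment so the block runs without Pyramid installed.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory user/group store (sample data only)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id TEXT PRIMARY KEY, active INTEGER NOT NULL);
        CREATE TABLE memberships (user_id TEXT NOT NULL, group_name TEXT NOT NULL);
        INSERT INTO users VALUES ('alice', 1), ('bob', 1), ('mallory', 0);
        INSERT INTO memberships VALUES
            ('alice', 'user'), ('alice', 'admin'), ('mallory', 'admin');
    """)
    return db


def make_groupfinder(db):
    """Return a callback with the (userid, request) signature Pyramid expects."""
    def groupfinder(userid, request):
        # userid comes from the auth ticket; bind it as a parameter rather
        # than formatting it into the SQL string.
        row = db.execute(
            "SELECT 1 FROM users WHERE id = ? AND active = 1", (userid,)
        ).fetchone()
        if row is None:
            # None tells the policy the userid is not valid, so a deleted or
            # disabled account is unauthenticated on its very next request.
            return None
        groups = db.execute(
            "SELECT group_name FROM memberships WHERE user_id = ? "
            "ORDER BY group_name",
            (userid,),
        ).fetchall()
        # An empty list is a valid result: a known user with no groups.
        return ["group:" + name for (name,) in groups]
    return groupfinder


# Wiring in a Pyramid app (not executed here):
#   authn = AuthTktAuthenticationPolicy("<secret>", callback=make_groupfinder(db))

if __name__ == "__main__":
    finder = make_groupfinder(make_db())
    for uid in ("alice", "bob", "mallory", "nobody"):
        print(uid, finder(uid, None))
```

Because the lookup runs on every request, removing a membership row or deactivating a user takes effect without waiting for the user to log in again.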