It does appear that way; however, after I was able to grok traversal and
the fact that acls can be set on the fly on the context object returned
by traversal, it was quite straightforward.
I feel that if it were presented and explained in the following way in
the docs it would be quite useful (at least would have been to me):
1. Traversal gives you context via Factories
2. Routes give you views (in a naive manner of speaking)
3. In Factories.__getitem__ contexts are created (or factories chained)
and acls can be set on that context
4. acls set on context can be applied to views and will be enforced
Of course these can be customized and hooked up in all sorts of
interesting ways but that capability need not be documented in
tutorials. My concern with rolling your own (having done it multiple
times with pylons) is that there are lots of t's to cross and i's to dot
and it is easy to miss some thus potentially leaving your application
vulnerable.
Once I have some time (perhaps in a few weeks) I will post annotated
sources to a skeletal implementation that demos authn and authz with
hierarchical permissions that reflects my understanding of how this all
works and hopefully it will be useful.
@mmrickels auth demo is helpful but I felt that I had to read the
traversal docs and examples about 5 times before I was able to map the
demo and docs to actual things that I wanted to do.
AM
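
The four steps listed in the message above, as an added example that is not part of the original thread and is not Pyramid's own code: a stdlib-only model of traversal plus ACL lookup. The names `Resource`, `traverse`, `permits`, `build_tree` and the sample tree are assumptions; the `__getitem__` / `__acl__` / `__parent__` conventions and the first-match-wins search up the lineage follow how Pyramid's ACL authorization policy behaves.

```python
# Simplified stdlib model of Pyramid-style traversal + ACL checks (not Pyramid code).
ALLOW, DENY = "Allow", "Deny"
EVERYONE = "system.Everyone"


class Resource:
    """A traversal node: children are looked up via __getitem__."""

    def __init__(self, name="", parent=None, acl=None):
        self.__name__, self.__parent__ = name, parent
        self._children = {}
        if acl is not None:
            self.__acl__ = acl  # ACL set on the fly, per context object

    def add(self, name, acl=None):
        child = self._children[name] = Resource(name, self, acl)
        return child

    def __getitem__(self, name):
        return self._children[name]  # KeyError ends traversal (a 404 in a web app)


def traverse(root, path):
    """Walk path segments through __getitem__ and return the context."""
    context = root
    for segment in filter(None, path.split("/")):
        context = context[segment]
    return context


def permits(context, principals, permission):
    """First matching ACE wins, searching the context, then each ancestor."""
    node = context
    while node is not None:
        for action, principal, perms in getattr(node, "__acl__", ()):
            perms = (perms,) if isinstance(perms, str) else perms
            if principal in principals and permission in perms:
                return action == ALLOW
        node = node.__parent__
    return False  # nothing matched anywhere in the lineage: deny


def build_tree():
    """Constructed sample tree: /docs/public and /docs/private."""
    root = Resource(acl=[(ALLOW, EVERYONE, "view"), (ALLOW, "group:editors", "edit")])
    docs = root.add("docs")  # no ACL of its own: inherits from root
    docs.add("public")
    docs.add("private", acl=[(ALLOW, "group:staff", "view"), (DENY, EVERYONE, "view")])
    return root
```

Note that `group:editors` can still `edit` `/docs/private`: the child ACL only mentions `view`, so the lookup falls through to the root. In Pyramid, ending a resource's ACL with `DENY_ALL` stops that inheritance.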
On 09/13/2013 09:11 AM, Jonathan Vanasco wrote:
FWIW-
Personally, I've found pyramid auth to be a beast and rather
intimidating.
It was definitely a turn-off for me, until I realized that I could
just ditch it and write my own.
Not just from its power and complexity, but from it appearing to be
overkill for some situations. So I'm not sure it would do good in a
Quick Tour. I do think it would be interesting to have an auth
tutorial that covers a handful of different ways to implement pyramid
auth.
On Friday, September 13, 2013 7:25:13 AM UTC-4, Paul Everitt wrote:
I left authentication and authorization out of the Quick Tour that we
just did:
http://docs.pylonsproject.org/projects/pyramid/en/master/quick_tour.html
However I added it to the Quick Tutorial that I just did. Which probably
means I need to add it to the Quick Tour. :) I will try to get the Quick
Tutorial online in the coming days, stay tuned here for more details.
--
You received this message because you are subscribed to the Google
Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.