You may have better luck with the Pyramid 2.0 security system. It’s much
simpler for cases like yours where you don’t need ACL. For example, your
implementation might look like:
from pyramid.security import Allowed, Denied

class CustomSecurityPolicy:
    def identity(self, request):
        return request.user

    def authenticated_userid(self, request):
        return request.user.id if request.user else None

    def permits(self, request, context, permission):
        if permission == 'user' and request.user:
            return Allowed('User is signed in.')
        elif permission == 'admin' and request.user and request.user.id == 1:
            return Allowed('Admin user is signed in.')
        else:
            return Denied('Access is not allowed.')

    def remember(self, request, userid, **kw):
        ...  # Same as before

    def forget(self, request, **kw):
        ...
That’s all. No ACL or root factory, just identity()/authenticated_userid()
returning the current user and permits() giving a thumbs up or down if access
should be allowed. Docs:
https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html
View derivers would certainly work. After all, the security system itself is
implemented with a view deriver. But personally I would avoid circumventing
the entire security system like that.
— Theron
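The policy sketched above, filled out as a runnable stand-alone example (added here; it is not code from the thread or from Pyramid itself). It also covers the mixed case raised in the question, identity() accepting either a session userid or an API token header. The X-API-Token header name, the "userid" session key, the in-memory USERS table and the make_request() stand-in are all constructed for the example, and a minimal Allowed/Denied stand-in is used only when Pyramid is not installed.

```python
import hmac
from types import SimpleNamespace

try:
    from pyramid.security import Allowed, Denied
except ImportError:  # stand-in with the same truthiness as Pyramid's classes
    Allowed = type("Allowed", (str,), {"__bool__": lambda self: True})
    Denied = type("Denied", (str,), {"__bool__": lambda self: False})

# constructed user table; a real app would load users from its database
USERS = {1: SimpleNamespace(id=1, api_token="tok-admin-1", is_admin=True),
         2: SimpleNamespace(id=2, api_token="tok-user-2", is_admin=False)}

class CustomSecurityPolicy:
    SESSION_KEY = "userid"        # assumed session key for the signed-in user's id
    TOKEN_HEADER = "X-API-Token"  # assumed header name used by API clients

    def identity(self, request):
        userid = request.session.get(self.SESSION_KEY)
        if userid is not None:
            return USERS.get(userid)
        token = request.headers.get(self.TOKEN_HEADER, "")
        # constant-time comparison so a wrong token does not leak timing information
        for user in USERS.values():
            if token and hmac.compare_digest(user.api_token.encode(), token.encode()):
                return user
        return None

    def authenticated_userid(self, request):
        user = self.identity(request)
        return user.id if user else None

    def permits(self, request, context, permission):
        user = self.identity(request)
        if permission == "user" and user:
            return Allowed("User is signed in.")
        if permission == "admin" and user and user.is_admin:
            return Allowed("Admin user is signed in.")
        return Denied("Access is not allowed.")

    def remember(self, request, userid, **kw):
        request.session[self.SESSION_KEY] = userid
        return []  # the session factory sets the cookie; no extra headers needed

    def forget(self, request, **kw):
        request.session.pop(self.SESSION_KEY, None)
        return []

def make_request(session=None, headers=None):
    # constructed stand-in for a Pyramid request with just what the policy uses
    return SimpleNamespace(session=dict(session or {}), headers=dict(headers or {}))
```

In a real app Pyramid caches identity() on request.identity and WebOb's headers are case-insensitive; the plain dict here is only for the stand-alone run.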
> On May 22, 2021, at 2:16 PM, [email protected] <[email protected]> wrote:
>
> Hi,
>
> I've been using the following auth policies for years, it's been working fine:
>
> from pyramid.authentication import SessionAuthenticationPolicy
> from pyramid.authorization import ACLAuthorizationPolicy
> from pyramid.config import Configurator
> from pyramid.security import ALL_PERMISSIONS, Allow, Authenticated, Everyone
>
> authn_policy = CustomSessionAuthenticationPolicy()
> authz_policy = ACLAuthorizationPolicy()
>
> config = Configurator(
>     settings=settings,
>     root_factory=RootFactory,
>     authentication_policy=authn_policy,
>     authorization_policy=authz_policy,
> )
>
>
> class RootFactory(object):
>     __acl__ = [
>         (Allow, Authenticated, 'user'),
>         (Allow, 'g:admin', 'admin'),
>         (Allow, 'g:superadmin', ALL_PERMISSIONS),
>     ]
>
>     def __init__(self, request):
>         pass
>
>
> class CustomSessionAuthenticationPolicy(SessionAuthenticationPolicy):
>     def authenticated_userid(self, request):
>         return request.user.id
>
>     def effective_principals(self, request):
>         principals = [Everyone]
>         if request.user:
>             principals += [Authenticated]
>
>             if request.user.id == 1:
>                 principals += ['g:superadmin', 'g:admin']
>
>         return principals
>
> ---
>
> I'm trying to migrate off from this, as I simply don't understand what is
> happening behind and I prefer a much simpler view deriver based approach.
>
> Basically, with a couple of view derivers I could solve all my problems in a
> few hours, and it also allows me much more flexibility. For example for some
> views now I can do auth based on API tokens, while most of the views are
> using session based auth.
>
> My question is, how can I make the auth/security policies as simple as
> possible? All I need is working CSRF, remember and forget.
>
> I'm on 1.10 but I'm happy to migrate to 2.0 if that allows a simplified
> approach.
>
> So far I was able to get it down to this:
>
> config = Configurator(
>     settings=settings,
>     root_factory=RootFactory,
>     authentication_policy=SessionAuthenticationPolicy(),
> )
>
> class RootFactory(object):
>     __acl__ = [
>         (Allow, Authenticated, 'user'),
>     ]
>
>     def __init__(self, request):
>         pass
>
> Session is via pyramid_session_redis.
>
> Thanks,
> Zsolt
>
> --
> You received this message because you are subscribed to the Google Groups
> "pylons-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/pylons-discuss/60c5a72f-c847-46a9-8e5f-3ed2521f55a1n%40googlegroups.com