Today I took some time to review the state of affairs for checking for
what used to be identity in TG1.
A little reminder of the API
IMO that api was really good as tg.identity (the template variable)
was a simple proxy to the current logged in user and some handy
Fast forward to TG2 we have a very different API
first it's a dict and not a Bunch (aka attribute access)
['userdata', 'repoze.who.userid', 'timestamp', 'tokens', 'user',
more interesting than that template_vars.tg.identity returns None when
the user isn't logged on. which means you will have to precheck all
your access tests in something along the lines of
if tg.identity and tg.identity['user'] == "something"
which is too weird.
on top of that it seems to me that checks in the form of are simply not possible
py:if="'admin' in tg.identity.groups""
is there an obvious way of doing this with repoze.what that I'm
missing? Also keep in mind this is pure syntax sugar as the real
security check was done in the controller. Last but not least is this
a class that is worth including in r.what? or should we keep it TG
only? IMO this api is nice enough to work on any python
template/framework and I think it's totally worth pushing into what.
Repoze-dev mailing list