On Sat, Sep 26, 2009 at 2:32 PM, Iain Duncan <iaindun...@telus.net> wrote:
> On Sat, 2009-09-26 at 11:58 -0400, Thomas G. Willis wrote:
> > Hello, I'm a newb at this, and I tried my best to do the research but
> > I'm still confused.
> > I was wondering if anyone is aware of an example that shows how to
> > link repoze.what to an aclauthorzationpolicy .
> > I have some who/what plugin bits (WhoPlugin, GroupSource and
> > PermissionSource) I wrote that I would like to use, and preferably
> > using an ini file for configuring repoze.what.
> > There's a good chance I am missing something obvious, please be
> > gentle.
> Do you mean with bfg? I would love to see a bfg equivalent of Gustavo's
> repoze.what-pylons example app and quickstart. I think that would go a
> long way to increasing bfg adoption. BFG's roll-you-own nature makes
> great docs even more important and I think Chris et al have done a
> fantastic job in that regard, but I gotta admin I hit the wall when it
> came to repoze.who/what. The system is great, but there is a *lot* to
> digest to get it working.
Yes with bfg. for example....
gives the details for setting up a repoze.who authenticationpolicy
(though I think I could use the remote user one too)
but the callback arg doesn't make sense if you already have a
GroupSource and PermissionSource configured via repoze.what. But not
putting a callback in makes the policy assume the user belongs to no
groups. I think repoze.what ties permissions to groups, so if user
belongs to no groups then no permissions? Furthermore, I don't have a
callback to put there, it's all config driven.
As far as I could tell, repoze.what doesn't seem to provide a way to
get at the groups for the current request, but I could be wrong here.
But even if I could get the groups back, how would I wire in the
PermissionSource for acls?
I still feel like I'm missing something obvious. But I was hoping to
get this working because I rather like having the perms configured in
the zcml rather than in decorators/predicates on specific functions.
Other than that, thank you to those responsible for bfg. I'm really
digging it despite these little hurdles.
Thomas G. Willis
Repoze-dev mailing list