On Sat, Sep 26, 2009 at 2:32 PM, Iain Duncan <iaindun...@telus.net> wrote: > > On Sat, 2009-09-26 at 11:58 -0400, Thomas G. Willis wrote: > > Hello, I'm a newb at this, and I tried my best to do the research but > > I'm still confused. > > > > I was wondering if anyone is aware of an example that shows how to > > link repoze.what to an aclauthorzationpolicy . > > > > I have some who/what plugin bits (WhoPlugin, GroupSource and > > PermissionSource) I wrote that I would like to use, and preferably > > using an ini file for configuring repoze.what. > > > > There's a good chance I am missing something obvious, please be > > gentle. > > Do you mean with bfg? I would love to see a bfg equivalent of Gustavo's > repoze.what-pylons example app and quickstart. I think that would go a > long way to increasing bfg adoption. BFG's roll-you-own nature makes > great docs even more important and I think Chris et al have done a > fantastic job in that regard, but I gotta admin I hit the wall when it > came to repoze.who/what. The system is great, but there is a *lot* to > digest to get it working. > > Iain >
Yes with bfg. for example.... http://docs.repoze.org/bfg/1.1/narr/security.html#repozewho1authenticationpolicy gives the details for setting up a repoze.who authenticationpolicy (though I think I could use the remote user one too) but.... <repozewho1authenticationpolicy identifier_name="auth_tkt" callback=".somemodule.somefunc" /> but the callback arg doesn't make sense if you already have a GroupSource and PermissionSource configured via repoze.what. But not putting a callback in makes the policy assume the user belongs to no groups. I think repoze.what ties permissions to groups, so if user belongs to no groups then no permissions? Furthermore, I don't have a callback to put there, it's all config driven. As far as I could tell, repoze.what doesn't seem to provide a way to get at the groups for the current request, but I could be wrong here. But even if I could get the groups back, how would I wire in the PermissionSource for acls? I still feel like I'm missing something obvious. But I was hoping to get this working because I rather like having the perms configured in the zcml rather than in decorators/predicates on specific functions. Other than that, thank you to those responsible for bfg. I'm really digging it despite these little hurdles. -- Thomas G. Willis _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev