I recently began a TurboGears quickstarted project. Of course, the
first thing I decided to do turned out to be a bit more complicated
than I thought it would be. I wanted to modify the permissions to
allow individual permissions to be set on users. This task led me all
around the sources until finally I was oriented enough to approach a
solution. There's just one problem...
repoze/what/midddleware.py lines 99-100:
identity['groups'] = groups
identity['permissions'] = permissions
and lines 105-106:
environ['repoze.what.credentials']['groups'] = groups
environ['repoze.what.credentials']['permissions'] = permissions
As you can see, repoze.what's middleware overwrites the existing
contents of environ and identity with the values it retrieves. the
groups and permissions variables come from a call to self._find_groups
which takes only credentials as an input, looping through the groups
for those credentials and the permissions those groups have.
That may not seem so bad until you find your way to
repoze/who/middleware.py, lines 174-179:
def add_metadata(self, environ, classification, identity):
candidates = self.registry.get(IMetadataProvider, ())
plugins = match_classification(IMetadataProvider, candidates,
for plugin in plugins:
(I just know e-mail is going to mangle the spacing, so I'm sorry in advance)
The .get made me suspicious and, sure enough, self.registry is a
dictionary. Which means it's hashed and orderless by nature.
I'd quite like to simply add an IMetadataProvider to base_config in my
app_cfg.py that takes care of my needs. This also works best, because
if I tried to sneak in an extra permission_adapter to repoze.what, it
would get called redundantly when there was more than one group.
There's no clean solution for me without modifying the library. It
occurred to me that even better than modifying the library would be
submitting a patch to fix it at the source. Well, I've never submitted
a patch before and I barely know Python yet, so it may be better if
somebody else does it. I am willing, though, if necessary. Simply
modifying the middleware to add the groups and permissions onto the
identity and environ dictionaries would be enough to make it play
nicely with other providers, so that is what I would like to suggest.
If the developers agree, please point me in the right direction to
create and submit a patch, or, y'know, just change a couple lines.
Thanks for your time.
P.S. The list site wouldn't let me sign up (says there's some theme
error, maybe that broke the form?) so if I don't get automatically
added or an automated message telling me how, I may not immediately
get any replies that don't include my actual e-mail address.
Repoze-dev mailing list