On Thu, 2007-27-12 at 17:36 -1000, Jonathan LaCour wrote:
> iain duncan wrote:
>
> > You're using SA0.4 right? ( elixir based I assume ... )
>
> Yep, right on both counts.
>
> > What about using SA;s Association Proxy on the identity handling
> > object to add permissions in a dead simple to use manner but clear
> > manner, ie something vaugely like:
> >
> > if Identity.Role.get('admin') in Identity.user.groups:
>
> Actually, I think we should keep any sort of model-related
> code or expectations out of the authentication/authorization
> framework entirely. In my mind, this is one of the worst things
> about identity in TurboGears 1.0, is that it makes all sorts of
> assumptions about your model objects, and their associated API.
> I'd prefer it if the authentication mechanism was a user-supplied
> callable, which would allow the user to perform their authentication
> in any way that they like.
I totally agree with that, I was meaning in the next layer down, as in
what one might do to tweak identity. But I guess I didn't make that
clear in the slightest. ;-)
>
> To keep the Hit-The-Ground-Running (HTGR) experience as positive
> as possible, it might be wise to include a simple authentication
> function in the generated code within the template. It could
> include a simple `User` model, including encryption, in either
> SQLAlchemy or Elixir depending on the template, and a super-simple
> callable that performs authentication using the generated model.
>
> People who wanted to swap it out for something different, could very
> easily do so, without worrying about digging into the framework, or
> working around it. This is a huge positive, in my opinion.
>
> > Could you post your code up somewhere Jonathan?
>
> Sure. It currently has some very application-specific code within
> it, but it would be trivial for me to perform a little refactoring
> to make it more general purpose. It might be "good enough" as an
> identity replacement once I make the changes.
>
> I am currently on vacation, so will be spending lots of time on the
> beach, but I might find some time to do this before I get back ;)
> I'll let you (and the rest of the list) know as soon as I get this
> done, and post it somewhere for people to review.
Thanks, that sounds good!
Iain
( not-on-beach, not-in-snow, just gross December Vancouver rain. )
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Trunk" group.
To post to this group, send email to turbogears-trunk@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears-trunk?hl=en
-~----------~----~----~----~------~----~------~--~---
