On Thu, 2007-27-12 at 17:36 -1000, Jonathan LaCour wrote: > iain duncan wrote: > > > You're using SA0.4 right? ( elixir based I assume ... ) > > Yep, right on both counts. > > > What about using SA;s Association Proxy on the identity handling > > object to add permissions in a dead simple to use manner but clear > > manner, ie something vaugely like: > > > > if Identity.Role.get('admin') in Identity.user.groups: > > Actually, I think we should keep any sort of model-related > code or expectations out of the authentication/authorization > framework entirely. In my mind, this is one of the worst things > about identity in TurboGears 1.0, is that it makes all sorts of > assumptions about your model objects, and their associated API. > I'd prefer it if the authentication mechanism was a user-supplied > callable, which would allow the user to perform their authentication > in any way that they like.
I totally agree with that, I was meaning in the next layer down, as in what one might do to tweak identity. But I guess I didn't make that clear in the slightest. ;-) > > To keep the Hit-The-Ground-Running (HTGR) experience as positive > as possible, it might be wise to include a simple authentication > function in the generated code within the template. It could > include a simple `User` model, including encryption, in either > SQLAlchemy or Elixir depending on the template, and a super-simple > callable that performs authentication using the generated model. > > People who wanted to swap it out for something different, could very > easily do so, without worrying about digging into the framework, or > working around it. This is a huge positive, in my opinion. > > > Could you post your code up somewhere Jonathan? > > Sure. It currently has some very application-specific code within > it, but it would be trivial for me to perform a little refactoring > to make it more general purpose. It might be "good enough" as an > identity replacement once I make the changes. > > I am currently on vacation, so will be spending lots of time on the > beach, but I might find some time to do this before I get back ;) > I'll let you (and the rest of the list) know as soon as I get this > done, and post it somewhere for people to review. Thanks, that sounds good! Iain ( not-on-beach, not-in-snow, just gross December Vancouver rain. ) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to turbogears-trunk@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---