My plan for the next sprint was to provide a hook in the object dispatch in the way you describe. If you get this working, let me know, I'll put it in production here. I think I got one of the last items sorted out on the repoze.who side, and I have been testing it like mad.
Personally, I prefer (one of the) ways TG1 did security, which was to wrap the dispatch object with a function that provided the necessary security level. I would have wanted to see this as the default way of doing security, because it allows people to write plug-in controllers that have no security, which can later be easily created. (subclassing CatWalk() vs. make_secure(catwak))

cheers.
-chris

On May 12, 1:03 pm, "Mark Ramm" <[EMAIL PROTECTED]> wrote:
> I'd like to finalize some things in tgrepozewho, and get it ready for
> a release. I'm not sure what the name should be, but I'm thinking
> we may want to change the name to something that's a bit more easily
> identifiable for people who don't yet know where to look for
> authentication/authorization stuff.
>
> I'll add a hook in the object dispatch which enforces restrictions on
> classes so that dispatch can stop as soon as a not-authorized event is
> hit. We should be able to make this backwards compatible with TG1's
> secure controller -- but my plan is just to check for a callable
> grant_access in the controller, and evaluate that callable if it
> exists. We can create a SecureResource class with two things:
>
> 1) a require property that can be set to an identity predicate. It
> will default to requiring login, because that's the most common case::
>
>     require = not_anonymous()
>
> 2) a grant_access callable that returns True or False, using require.
>
> To create custom security mechanisms for a controller you'd just need
> to add a grant_access callable....
>
> What do you think?
> --
> Mark Ramm-Christensen
> email: mark at compoundthinking dot com
> blog: www.compoundthinking.com/blog

You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group.
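The hook proposed in the quoted message and the wrapper style preferred in the reply, sketched together as an added example (not code from this thread, TurboGears or repoze.who). `dispatch`, `expose`, `build_site` and the stand-in `not_anonymous` are assumptions; `make_secure` is named in the thread, but its body here is only one possible reading.

```python
# Added illustration: a toy object dispatcher, not TurboGears or repoze.who code.
from types import SimpleNamespace

class NotAuthorized(Exception):
    """Raised at the first controller on the path that denies access."""

def expose(fn):                       # hypothetical allowlist marker for endpoints
    fn.exposed = True
    return fn

class not_anonymous:                  # constructed stand-in for the identity predicate
    def __call__(self, identity):
        return identity is not None

class SecureResource:
    require = not_anonymous()         # default: login required
    def grant_access(self, identity):
        return bool(self.require(identity))

def make_secure(controller, predicate=None):   # wrapper style, one possible reading
    controller.require = predicate or not_anonymous()
    controller.grant_access = lambda identity: bool(controller.require(identity))
    return controller

def dispatch(root, path, identity):
    node = root
    for segment in [""] + [s for s in path.split("/") if s]:  # "" checks the root
        if segment:
            if segment.startswith("_") or not hasattr(node, segment):
                raise LookupError(segment)
            node = getattr(node, segment)
        check = getattr(node, "grant_access", None)
        if callable(check) and not check(identity):
            raise NotAuthorized(segment or "/")   # stop: deeper nodes are never reached
    if not getattr(node, "exposed", False):       # only exposed callables are endpoints
        raise LookupError(path)
    return node()

class CatWalk:                        # plug-in controller written with no security
    @expose
    def index(self): return "catwalk"

class Admin(SecureResource):          # secured by subclassing
    @expose
    def index(self): return "admin"

def build_site():                     # constructed sample controller tree
    admin = Admin()
    admin.catwalk = CatWalk()         # unsecured itself, but sits behind admin
    return SimpleNamespace(admin=admin, catwalk=make_secure(CatWalk()), public=CatWalk())
```

Because the check runs on every controller along the path, an unsecured plug-in mounted under a secured parent is still protected, and `grant_access` itself is not reachable as a URL because it is not exposed.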
