Gustavo Narea wrote: > On Thursday October 30, 2008 05:42:58 Mark Ramm wrote: > >> I do think it would be interesting and useful to be able >> to provide some helpers that make it very easy to write authorization >> rules that do "row-level" (really SA object level) authorization >> checks in the controller. >>
I was planning to implement something along these lines for Rum and began working in it in RumSecurity [1] which is an authorization library which uses generic functions that users can extend to implement whatever policy. This is based on PEAK-security. I began writting it before Gustavo began working on his authz library and there's probably a big overlap so I might/probably ditch RumSecurity and study how to extend his better documented library to do what I need... anyway, maybe you can consider using generic functions to allow users to extend authorization rules in a very flexible and powerful way. You don't even need to depend on PEAK-Rules at all since it can extend any existing function (don't need to declare it as "generic" before using it). Only think about this use-case and design a function with a signature that allows for extension, for example take a look at the Policy.has_permission() function in [2]. Also, a way to bind permissions (metadata) to objects/actions is needed too... RumSecurity does this with Policy.permission_for() using a technique stolen from peak.metadata. Anyway, I still haven't looked at Gustavo's code in much detail so it might already be implemented in a way that allows for extension in this way, in that case just ignore what I said :) Alberto [1] http://toscawidgets.org/hg/RumSecurity [2] http://toscawidgets.org/hg/RumSecurity/file/tip/rumsecurity/policy.py --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
