Hi, Alberto. That's pretty interesting, and I think it'll be worth implementing in tgext.authorization (now called repoze.what; more on this on another thread).
I think your ACL-based approach will be extremely useful in the templates of a web site (e.g., a function in Genshi that displays a link if the user is allowed to access the resource in question), among other situations. That's something we can discuss further when we meet in the next Sprint, so that we can understand each others' work better before trying to implement it. Cheers! On Sunday November 2, 2008 12:16:04 Alberto Valverde wrote: > Gustavo Narea wrote: > > On Thursday October 30, 2008 05:42:58 Mark Ramm wrote: > >> I do think it would be interesting and useful to be able > >> to provide some helpers that make it very easy to write authorization > >> rules that do "row-level" (really SA object level) authorization > >> checks in the controller. > > I was planning to implement something along these lines for Rum and > began working in it in RumSecurity [1] which is an authorization library > which uses generic functions that users can extend to implement whatever > policy. This is based on PEAK-security. > > I began writting it before Gustavo began working on his authz library > and there's probably a big overlap so I might/probably ditch RumSecurity > and study how to extend his better documented library to do what I > need... anyway, maybe you can consider using generic functions to allow > users to extend authorization rules in a very flexible and powerful way. > > You don't even need to depend on PEAK-Rules at all since it can extend > any existing function (don't need to declare it as "generic" before > using it). Only think about this use-case and design a function with a > signature that allows for extension, for example take a look at the > Policy.has_permission() function in [2]. Also, a way to bind permissions > (metadata) to objects/actions is needed too... RumSecurity does this > with Policy.permission_for() using a technique stolen from peak.metadata. > > Anyway, I still haven't looked at Gustavo's code in much detail so it > might already be implemented in a way that allows for extension in this > way, in that case just ignore what I said :) > > Alberto > > [1] http://toscawidgets.org/hg/RumSecurity > [2] http://toscawidgets.org/hg/RumSecurity/file/tip/rumsecurity/policy.py > > -- Gustavo Narea <http://gustavonarea.net/>. Get rid of unethical constraints! Get freedomware: http://www.getgnulinux.org/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
