Gustavo Narea schrieb:
> * The TG2 documentation on authentication with repoze.who explains what
> environ['repoze.who.identity'] is, its short-cuts inside TG and that it's
> specific to repoze.who (not TG-specific).
> * That the repoze.who documentation _clearly_ states that it only deals with
> authentication and identification.
> * That the repoze.what documentation _clearly_ states that it only deals
> with
> authorization (using the groups/permissions-based authorization pattern by
> default).
>
> Some people would think that anybody who reads the documentation will
> understand that and so I can't think of another way to make it more clear.
> Can
> you please tell me how can we make it even _more_ clear?
Ok, I'll try to explain again.
My initial problem was that I (as a new TG2 user) wanted to check in a
template whether the user as a certain *permission*.
Now the TG2 docs told me (yes, _clearly_ enough):
"The authentication framework (repoze.who) only deals with the source(s)
that handle your users' *credentials*, while the authorization framework
(repoze.what) deals with both the source(s) that handle your *groups*
and those that handle your *permissions*."
Consequentially, since I wanted to check a *permission*, I checked the
repoze.*what* part of the TG2 docs. And sure enough, there I found the
"has_permission" predicate. However, that predicate cannot be used in
the template (or inside the controller) so easily. That's why I posted
the question (see subject line) which lead into this discussion.
But even if I had looked into the repoze.*who* part of the TG2 docs, I
wouldn't have found what I was looking for (namely to simply check
tg.identity.permissions). Indeed it mentions the request.identity
shortcut for request.environ.get('repoze.who.identity'). But it does not
mention that it is available as tg.request.identity or even shorter
tg.identity in the template as well, which is not obvious for a newbie.
And most of all it fails to mention that request.identity also contains
the groups and *permissions*, which a newbie wouldn't expect either,
after having been explained that they does not belong here.
That's the thing I called "confusing" and needs better documentation.
Could you follow me now?
-- Christoph
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Trunk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-trunk?hl=en
-~----------~----~----~----~------~----~------~--~---
