Gustavo Narea schrieb:
> With systems like Catwalk in mind, which may provide information about how
> the
> auth system is working, I've created a couple of functions which return the
> current groups and permissions, respectively, in repoze.what v2 (but it's one
> of the things I'll backport to v1).
>
> Groups and permission are going to evolve. They won't be as simple as "zero
> or
> more users belong to a group" and "zero or more groups are granted a
> permission" forever. Among other things, they'll become hierarchized (e.g.,
> "group A is the parent of group B, so anyone who belongs to B also belongs to
> A"). So, those tuple of strings at credentials['groups'] and
> credentials['permissions'] will disappear as things turn more complex
> internally -- that is why the credentials dictionary won't be part of the API.
That's good, but one problem I'm seeing here is that groups and
permissions are often not only used to restrict views in templates or
restrict access to controllers, but also very tightly coupled with the
application logic through the data model. For instance, I have data
records with groups or permissions as foreign keys and queries which
filter using these values. I.e. TG apps rely on a certain structure of
users, groups and permissions anyway.
>> tg.acess takes any of the standard predicates as attribute and evaluates
>> that predicate immediately. We could also provide a mechanism to include
>> custom predicates in tg.access. This is of course a hack for TurboGears
>> only, I don't say it should be somehow included in repoze.what.
>> Something like that would just help to keep simple things simple in TG.
>
> I'm +0.5 on that, and I wouldn't mind implementing it if we raise this on a
> new thread and people agree. ;-)
As an alternative, we could propose the request aware evaluation of
predicates with bool() suggested in my other posting and then set
tg.access = repoze.what.predicates.
This would allow the same usage: tg.access.has_permission('edit').
I'll wait a while and if there are no better ideas, I'll create a new
thread asking for feedback regarding these two ideas then.
-- Christoph
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Trunk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-trunk?hl=en
-~----------~----~----~----~------~----~------~--~---
