Can I just sneak some generic functions into Identity than? ;)
What I would like is to have more flexibility when it comes to
authentication failure. Therefore I propose adding function fail()
defined as:
@generic()
def fail(func, errors=None):
pass
@fail.when(strategy.default)
def _default_redirect(func, errors):
raise cherrypy.InternalRedirect(
current_provider.url_for_identity_failure())
Predominantly it would get called from require(), but of curse it could
be triggered manually as well.
Motivation:
1) Contextual redirection
2) Additional logging
For example one may want to log every failed attempt to log-in as an
administrator.
3) Additional error handling
For example properly ending a transaction, saving input of a multi-page
form, etc.
This enchantment is fully backwards compatible and imposes no overhead
to those who do not wish to use it.
Cheers,
Simon
Kevin Dangoor wrote:
I've been thinking about combining Identity + peak.security (or, more
specifically, RuleDispatch) for the past couple of weeks. (Not
constantly, mind you... just when I've had the chance.) Computer
science is all about tradeoffs. Occasionally, you'll have something
that is distinctly a win with no drawbacks. More often than not,
though, you need to balance things out between flexibility, complexity
and performance. But you knew that, already.
In this particular case, I think that the Identity user API is really
easy to use and will meet a good variety of needs (but certainly not
all). peak.security is the kind of thing that can meet everyone's
needs, but wouldn't be as easy for some of the common cases that
Identity is good at.
Here's my thinking:
1) Leave the Identity user API as is for 0.9.0
2) Don't try to work the notion of a "subject" into the existing API.
The idea with a "subject" is: does this user have "edit" permission
*for this item*. It's very app specific, and RuleDispatch would be a
big win here.
3) Integrate peak.security/RuleDispatch into some later release
4) Ensure that there are enough plugpoints that people can take
advantage of as much Identity code as possible.
Other people here have used Identity far more than I have. How has it
been as far as the API for you? (Particularly since Jeff created his
predicate system.)
Kevin
--
Kevin Dangoor
Author of the Zesty News RSS newsreader
email: [EMAIL PROTECTED]
company: http://www.BlazingThings.com
blog: http://www.BlueSkyOnMars.com
--
Simon Belak
vodja projektnih skupin
e: [EMAIL PROTECTED]
---------------------------------------------------------------------
Hruska d.o.o., agencija za nove medije
Ilirska 21, SI-1000 Ljubljana
t: +386 1 430 25 86 f: +386 1 430 25 87
s: http://www.hruska.si
s: http://akademija.hruska.si (izobrazevalni portal)
s: http://www.elor.si (kadrovski sistem letnih razgovorov)
------------------------------------------------------------------------
Hruska.si - socne resitve
To elektronsko sporocilo in vse morebitne priloge so poslovna skrivnost
in namenjene izkljucno naslovniku. Ce ste sporocilo prejeli pomotoma,
Vas prosimo, da obvestite posiljatelja, sporocilo pa takoj unicite.
Kakrsnokoli razkritje, distribucija ali kopiranje vsebine sporocila je
strogo prepovedano.
This e-mail and any attachments may contain confidential and/or
privileged information and is intended solely for the addressee. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in
this e-mail, or any action taken or omitted to be taken in reliance on
it, is strictly prohibited.
