Would you mind opening an "enhancment" ticket for this (slated for 1.0) so that the idea doesn't get lost. I'm sure you're correct that this can be made more efficient, and identity is in a critical path in the code.
I do still want to see an identity provider at some point that doesn't touch the database at all after initial authentication (by storing the groups in a secure cookie). Kevin On 5/14/06, jvanasco <[EMAIL PROTECTED]> wrote: > > i couldn't use the identity in tg, so i made my own implementation > > after working quite a bit on my own, then taking some advice from the > folks on the cherrypy list, i'd like to suggest this improvement that > should be compatible with the current id system > > it cuts down on the function calls by a great deal -- the secure > resource works by overriding the __getattribute__ builtin, then doing > some stuff that I think is kind of scary to figure out if it should run > or not. it also runs several times throughout the filter chain, so you > end up with many calls to it and numerous predicate checks. > > this approach might not be suitable for all situations ( i didn't > integrate a secured object ), but i'm suggesting it as a stepping stone > to a more efficient system > > ===== > url_login_required= "/path/to/login" > > class SecuredControllerFilter(object): > """ > This filter runs 1x on a before_main to make sure that our secured > resource has permissions > """ > def before_main(self): > if not get_request_privileged(): > raise SecuredControllerFailure() > > class SecuredController(tg.controllers.Controller): > """ > secured resources inherit from this controller. > The class is blank when we define it, as it needs some magic done > on startup > """ > pass > > def _SecuredController_init(): > """ > this is our magic startup hook > it copies the root filters from TG (not available earlier), and > appends our Secured filter to it > caveat: i have no idea how to integrate this better so we can > recognze diffferent _cp_filters per mounted tree element > """ > SecuredController._cp_filters= [i for i in > cherrypy.root._cp_filters] > SecuredController._cp_filters.append( SecuredControllerFilter() ) > > class SecuredControllerFailure(cherrypy.InternalRedirect): > """ > Our failure class > """ > def __init__(self): > cherrypy.InternalRedirect.__init__(self, url_login_required) > > def get_request_privileged(): > """ > code here for predicate checking by whatever you want > """ > pass > > def page_user_startup(): > """called during TG startup. integrates our class into the > cherrypy request API""" > _SecuredController_init() > > ===== > > > > > -- Kevin Dangoor TurboGears / Zesty News email: [EMAIL PROTECTED] company: http://www.BlazingThings.com blog: http://www.BlueSkyOnMars.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
