Steve,

On Thu, Nov 09, 2006 at 01:47:26AM -0600, Steve Holden wrote:
> OK, I've finished the rewrite and I'd appreciate any comments.

Looks good. I'm working remotely at the moment so I only tried adding users/groups via the console. I'll go through it again when I get home and give CatWalk a try. Also, I've only tried it with SQLObject so far. I'll go through it again shortly with SQLAlchemy and make sure all is well there.

> I'd also appreciate it if someone could point me to (or provide) the
> information on encrypted passwords I'll try to incorporate that.

I used Tim's suggestion and now have encrypted passwords. I'm guessing the parameter needs to be set before the database is created, or at least before any users are added. So, after quickstarting the project I changed to the identity_tutorial directory and edited identity_tutorial/config/app.cfg. I found the following line:

    # identity.soprovider.encryption_algorithm=None

Uncommented it and changed it to:

    identity.soprovider.encryption_algorithm='sha1'

According to Tim and the comments in the app.cfg file it can be set to md5 or sha1. After doing so I continued with the tutorial from the "create the database" step and all worked as expected with encrypted passwords.

> We also need to explain how the permissions are used to respond to the
> comments about ownership and permissions. So there's still a ways to go.

I noticed it was lacking in that area. A quick look at the database was enough for me to figure out how to add permissions to groups but some users might find it useful if the tutorial covered adding permissions.

I have an idea for an additional tutorial in the "Identity Management" series. How about taking one of the existing tutorials, such as the "Multiuser Todo List", and showing how to add security (identity management) to the project? Being so new to TurboGears I'm not sure if I'm up to such a challenge. But, having recently gone through both the "Multiuser Todo List" tutorial and the "Identity Management" tutorial I think I would be able to go through the "Multiuser Todo List" tutorial again and add security features to it.
I'd be happy to do so and take notes as I go. I then might be able to provide a rough draft that could be polished by a more experienced TurboGears user.

After a little initial pondering I have a couple of questions:

Can Identity Management be added to an existing TurboGears project or does it have to be included when the project is initially set up?

Does the Identity Management system have any built-in functions for dealing with object ownership? For example, in a photo album app when an album is created the user creating the album should be its owner. And, regular users (without admin privileges) would likely only be allowed to do things to the albums they own. Some frameworks have an automatic system for setting/checking ownership, usually based on a "magic" column name. As an example with some frameworks if a table has column names such as created_by and/or updated_by it will automatically set those columns to the user who created/updated the row.

The above is easy to do even without the functionality being built into the Identity system but if it's already in there I'd rather use it than do it separately.

In the identity section on the:

http://Docs.TurboGears.org/1.0/SpecificProblems

page I see a "User registration and maintenance" system. I haven't tried it out yet. I'll play around with that some before trying to add security to projects.

Kevin
http://www.RawFedDogs.net
http://www.WacoAgilityGroup.org
Bruceville, TX

Si hoc legere scis nimium eruditionis habes.

