I agree with you :this should be a tgext.* package. I'd be happy with something similar to what symfony framework offers: http://symfony.com/fr/doc/current/cookbook/security/acl.html
What about the open issue? Is there any work-in-progress stuff? I would be pleased to help (or to build a tgext package on my own, if no work is going on). Damien note : I would work with sqlalchemy (not ming) ----- Mail original ----- De: "Alessandro Molina" <[email protected]> À: "TurboGears ." <[email protected]> Envoyé: Vendredi 14 Février 2014 01:01:19 Objet: Re: [TurboGears] ACL authorization 'out-of-the-box' ? This is a really good question, it has been raised multiple times and has an open issue on the github tracker: https://github.com/TurboGears/tg2/issues/34 The main reason why it has never been tackled it that is doesn't have a clear implementation and details and requirements depend both on developer preferences and ODM/ORM in use. I really think this is something that should go into a tgext.* package, and not into TurboGears itself. On Wed, Feb 12, 2014 at 12:15 PM, < [email protected] > wrote: Hi, I know this - this is what I means by groups of users. But I also need a "per object permissions", like you can find for example for djnago in django-guardian - https://github.com/lukaszb/django-guardian The "per object permissions" is different from the "groups permissions"; it's complementary and actually I need both. Damien ----- Mail original ----- De: "neeraj mishra" < [email protected] > À: [email protected] Envoyé: Mercredi 12 Février 2014 11:27:33 Objet: Re: [TurboGears] ACL authorization 'out-of-the-box' ? HI, If you look into the bootstrap.py file inside websetup folder, you can make new users, put them in certain groups and give them the required permission. Then for the controllers in which you want only the authorize person should go, you can use the tg.predicates(). Visit this ( http://turbogears.readthedocs.org/en/latest/turbogears/authorization.html ) link to know how to use the tg.predicates. On Tuesday, 11 February 2014 20:53:29 UTC+5:30, lebouquetin wrote: Hi all, I have to implement a web application with authorization based on both "groups" of users (ie admin, simple user, etc) and ACL on some entities (ie a user can access his own entities). Do you know a module or pluggable app implementing something like this "out-of-the-box"? Thanks. Damien -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] . To post to this group, send email to [email protected] . Visit this group at http://groups.google.com/group/turbogears . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] . To post to this group, send email to [email protected] . Visit this group at http://groups.google.com/group/turbogears . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/turbogears . For more options, visit https://groups.google.com/groups/opt_out . -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/turbogears. For more options, visit https://groups.google.com/groups/opt_out.
