2009/4/19 Jeff Rush <[email protected]>:
[...]
> 2) Alternatively, one could dynamically generate a custom tree of
> pages/resources within the realm object, returning a
> different tree depending upon the
> identity/permissions of the user.

I think this is the preferred approach ATM.

> This would seem to make it
> complicated to (a) guarantee that all visitors see the exact
> same URL structure and,

You can share the same URL mapper between all users of your site.

> (b) consume more
> time/memory with constructing duplicate page/resource trees when thousands of
> users may be visiting the site, with a mix of permissions.

You don't have to duplicate page resources; you can create a single resource and return it for as many users as you want.

> I'm thinking I'll have to write something like decorators for page resources
> that front-end the locateChild method (for access control over traversal),
> and perhaps the renderHTTP method (for access control over page delivery) with
> permissions checking logic.

What is your permission model exactly? What kind of limitations of the current guard implementation would you like to solve?

I think I like the current approach... Once you learn how to use it and how to set it up properly (this is a key phrase here), it will take a few things off your head. Even if setting it up is cumbersome, the idea of a web resource wrapping an avatar object is pretty cool, as you don't have to put access control logic into web resource objects -- you just enable these and these resources for that level of privileges, which in fact gives you a fine-grained security model.

If you are looking for a tool that handles setting up such things for you and lets you just concentrate on the code, there's Divmod Mantissa; unfortunately, it is not a very well documented piece of software.

--
m

_______________________________________________
Twisted-web mailing list
[email protected]
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
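The approach discussed in this message (a realm that hands each avatar a resource tree for its privilege level, with single page instances shared between trees), as an added example that is not code from the thread or from Twisted/Nevow. It is a dependency-free model: `requestAvatar` and `locateChild` borrow the names used in the thread with simplified signatures, and `Page`, `TREES`, `ROLES` and `resolve` are hypothetical names with constructed data.

```python
# Plain-Python model of the realm pattern; nothing here imports Twisted or Nevow.

class Page:
    """A resource with named children; one instance can serve many users."""
    def __init__(self, body, children=None):
        self.body = body
        self.children = children or {}

    def locateChild(self, segments):
        # Traversal can only reach children that were wired into this tree,
        # so the page itself carries no permission-checking logic.
        child = self.children.get(segments[0])
        return (child, segments[1:]) if child else (None, ())


# Leaf pages are built once and reused by every tree that exposes them.
REPORTS = Page("reports")
ADMIN = Page("admin console")

# One tree per privilege level, built once at startup (constructed roles).
TREES = {
    "anonymous": Page("home"),
    "user": Page("home", {"reports": REPORTS}),
    "admin": Page("home", {"reports": REPORTS, "admin": ADMIN}),
}

ROLES = {"alice": "admin", "bob": "user"}  # constructed sample identities


class Realm:
    def requestAvatar(self, avatarId, mind, *interfaces):
        # Unknown identities fall back to the least-privileged tree.
        role = ROLES.get(avatarId, "anonymous")
        iface = interfaces[0] if interfaces else None
        return (iface, TREES[role], lambda: None)


def resolve(realm, avatarId, path):
    """Walk path from the avatar's root; return the page body or None (404)."""
    _iface, resource, _logout = realm.requestAvatar(avatarId, None)
    segments = tuple(s for s in path.split("/") if s)
    while resource is not None and segments:
        resource, segments = resource.locateChild(segments)
    return resource.body if resource is not None else None
```

Every user addresses the same URLs; a path outside the caller's tree simply fails to resolve, and the memory cost is one tree per privilege level rather than one per visitor.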
