On Mar 22, 3:09 pm, ctalley <[email protected]> wrote:
> 1. There doesn't seem to be any provision for setting password policy
> (length, character mix) and enforcing it at the time a user
> registers. As currently implemented, a user can enter anything - or
> nothing - for a password. Something as simple as IS_NOT_EMPTY and a
> minimum length would help a lot. Can that be added?
OK. Good point, although there are nice jQuery plugins that accomplish
that client side.
> 2. The auth_event table logs a lot of stuff ... login, logout,
> register, create group, update profile, ... It doesn't, however,
> appear to log failed login events. Can that be added?
ok
> 3. Is there any built-in mechanism for managing (e.g., cap, overwrite)
> growth of the auth_event table? Or is it simply up to the sys admin
> to keep track of it so it doesn't get out of control?
No, but you can write a cron to clean it up.
> 4. It's not clear to me what the purpose of the auth_permission table
> is. Can you explain?
A user is a member of groups.
Members of groups have permissions.
A permission is defined by an action (like "create", "select",
"update", "delete" or user defined) and an optional object to act
upon. This could be a table name and a record.

    group_id = auth.add_group('my_friends')
    auth.add_membership(auth.user.id, group_id)
    auth.add_permission(group_id, 'update', db.mytable, 3)

    @auth.requires_permission('update', db.mytable, 3)
    def f():
        return dict()

Now only 'my_friends' can call the function f since they have
permission to "update" db.mytable record 3.
Read about role-based access control on Wikipedia.
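
Point 1 asks for a password policy (non-empty, minimum length, character mix) enforced when the user registers. The check below is an added example, not code from this thread or from web2py: a server-side validator written to the (value, error) callable convention that web2py validators follow. The class name, thresholds and deny-list entry are assumptions.

```python
import string


class PasswordPolicy(object):
    """Server-side password policy check in web2py validator style.

    A validator is a callable that takes the submitted value and returns
    (value, None) on success or (value, error_message) on failure.
    """

    def __init__(self, min_length=10, min_classes=3, banned=()):
        self.min_length = min_length
        self.min_classes = min_classes
        # Constructed deny-list: rejected even if length and mix are fine.
        self.banned = set(p.lower() for p in banned)

    def problems(self, value):
        """Return a list of every rule the candidate password breaks."""
        value = value or ''
        if not value.strip():
            return ['password must not be empty']
        found = []
        if len(value) < self.min_length:
            found.append('at least %d characters required' % self.min_length)
        # Count how many character classes are present (the "character mix").
        classes = sum([
            any(c in string.ascii_lowercase for c in value),
            any(c in string.ascii_uppercase for c in value),
            any(c in string.digits for c in value),
            any(not c.isalnum() for c in value),
        ])
        if classes < self.min_classes:
            found.append('use at least %d of: lower, upper, digit, symbol'
                         % self.min_classes)
        if value.lower() in self.banned:
            found.append('password is on the deny-list')
        return found

    def __call__(self, value):
        found = self.problems(value)
        return (value, '; '.join(found) if found else None)


# Assumed wiring: list this validator ahead of the hashing validator so it
# sees the plaintext, e.g. requires = [PasswordPolicy(), CRYPT()].
policy = PasswordPolicy(min_length=10, min_classes=3, banned=['Password123!'])
```

Because the check runs on the server, it applies to every registration request regardless of what the browser did or did not validate.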