How about this:
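AUTHORIZED_EMAILS = ['[email protected]']
url1 = URL('default', 'you_are_not_authorized')
# Set before auth.define_tables(): computed flag, True when the email is on the list
auth.settings.extra_fields['auth_user'] = [
    Field('authorized', 'boolean', default=False,
          compute=lambda row: row.email in AUTHORIZED_EMAILS)]
# Send signed-in but unauthorized users to the notice page (skip if already there)
if auth.user and not auth.user.authorized and not URL() == url1:
    redirect(url1)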
On Tuesday, 10 July 2012 13:15:44 UTC-5, Dave wrote:
>
> Agreed. It is not a Janrain specific issue, I am sure the same applies
> for other non-local authentication schemes. In other systems I have
> implemented in the past I would allow authentication externally, but
> configured authorization separately. An example from my past: I have a
> webapp that I would like to use Active Directory authentication for.
> Unfortunately, the audience of authorized users is not the entire company.
> In that case a local database table with a list of authorized users was
> appropriate.
>
> In other cases maybe it makes sense to allow users to "request access" and
> that access to be approved or denied by a system admin. { similar to the
> approval functionality in the default/user/register code }
>
> I suppose as a broader question, I should ask... First, is there already
> a mechanism to separate the functions of authentication and authorization?
> It seems to me that currently if authentication succeeds, that is it...
> There is no authorization step. Second, if the first answer is no, would
> it be desirable to add an extensible authorization capability to the
> framework?
>
> Thoughts?
>
>
>
> On Tuesday, July 10, 2012 1:45:00 PM UTC-4, Massimo Di Pierro wrote:
>>
>> Your problem is limiting the number of users who can sign in. I am not
>> sure this is a janrain issue.
>> You need to handle it somehow at the web2py level and it should be
>> independent of which method you use for authentication (janrain or other).
>>
>> It can be done but how it is done depends on the details of your policy.
>>
>>
>>
>>
>> On Tuesday, 10 July 2012 11:40:08 UTC-5, Dave wrote:
>>>
>>> I spent some time searching for this and have not come up with much.
>>>
>>> Has anybody implemented or tried to implement user authorization (read:
>>> limit users that may sign in) with Janrain?
>>>
>>> I think there are two possibilities here... The first possibility falls
>>> under standard authorization where you define a "list" of users that are
>>> authorized somewhere in db.auth* which is consulted at login. Of course,
>>> there is a potential issue with impersonation where someone other than the
>>> intended user registers a Facebook, LinkedIn, etc account...
>>>
>>> The other path would be to either gate registration similar
>>> to auth.settings.registration_requires_approval = True for builtin
>>> authentication. That should be fairly easy to implement. OR.. Leave the
>>> Janrain user creation alone and assign a group permission to controller
>>> methods. The downside here is existing site code would have to be
>>> refactored if someone wants to go from local auth to janrain. For example,
>>> @auth.requires_login() would have to become
>>> @auth.requires_membership('authorized') for the same level of security.
>>>
>>> Would anybody (besides me) be interested in this?
>>>
>>> I could work up some code
>>>
>>
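
An added example, not part of the thread and not web2py code: a framework-independent sketch of the separation discussed above, where an external provider authenticates and a local allowlist authorizes. The `Identity` fields, the `AUTHORIZED` entries, the paths and the function names are assumptions made for illustration; entries are keyed on provider plus email so that the same address asserted by a different provider (the impersonation concern raised above) is not accepted.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample allowlist of (provider, normalized email) pairs.
AUTHORIZED = {
    ("activedirectory", "alice@example.com"),
    ("google", "bob@example.com"),
}

# Hypothetical path of the "not authorized" notice page.
DENIED_PATH = "/default/you_are_not_authorized"


@dataclass(frozen=True)
class Identity:
    """What the external provider asserted about the signed-in user."""
    provider: str
    email: str
    email_verified: bool


def normalize(email: str) -> str:
    # Compare addresses case-insensitively and ignore stray whitespace.
    return email.strip().lower()


def is_authorized(identity: Optional[Identity], allowlist=AUTHORIZED) -> bool:
    """Authorization step, run after authentication has already succeeded."""
    if identity is None or not identity.email_verified:
        # An unverified address proves nothing about who controls it.
        return False
    return (identity.provider.lower(), normalize(identity.email)) in allowlist


def gate(identity: Optional[Identity], path: str) -> Optional[str]:
    """Return the path to redirect to, or None to let the request continue."""
    if identity is None:
        return None  # not signed in: left to the login requirement
    if is_authorized(identity):
        return None
    # Skip the redirect when already on the notice page to avoid a loop.
    return None if path == DENIED_PATH else DENIED_PATH
```
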