That may be just the ticket. Especially if I modify the list to be a db table that can be maintained by the site admin. I will give that a try and see what I come up with :)
On Tuesday, July 10, 2012 6:15:23 PM UTC-4, Massimo Di Pierro wrote:
>
> How about this:
>
> AUTHORIZED_EMAILS = ['[email protected]']
> url1 = URL('default','you_are_not_authorized')
> auth.settings.extra_fields['auth_user']=[Field('authorized','boolean',default=False,compute=lambda row: row.email in AUTHORIZED_EMAILS)]
> if auth.user and not auth.user.authorized and not URL()==url1:
>     redirect(url1)
>
> On Tuesday, 10 July 2012 13:15:44 UTC-5, Dave wrote:
>>
>> Agreed. It is not a Janrain specific issue, I am sure the same applies
>> for other non-local authentication schemes. In other systems I have
>> implemented in the past I would allow authentication externally, but
>> configured authorization separately. An example from my past: I have a
>> webapp that I would like to use Active Directory authentication for.
>> Unfortunately, the audience of authorized users is not the entire company.
>> In that case a local database table with a list of authorized users was
>> appropriate.
>>
>> In other cases maybe it makes sense to allow users to "request access"
>> and that access to be approved or denied by a system admin. { similar to
>> the approval functionality in the default/user/register code }
>>
>> I suppose as a broader question, I should ask... First, is there already
>> a mechanism to separate the functions of authentication and authorization?
>> It seems to me that currently if authentication succeeds, that is it...
>> There is no authorization step. Second, if the first answer is no, would
>> it be desirable to add an extensible authorization capability to the
>> framework?
>>
>> Thoughts?
>>
>> On Tuesday, July 10, 2012 1:45:00 PM UTC-4, Massimo Di Pierro wrote:
>>>
>>> Your problem is limiting the number of users who can sign in. I am not
>>> sure this is a janrain issue.
>>> You need to handle it somehow at the web2py level and it should be
>>> independent of which method you use for authentication (janrain or other).
>>>
>>> It can be done but how it is done depends on the details of your policy.
>>>
>>> On Tuesday, 10 July 2012 11:40:08 UTC-5, Dave wrote:
>>>>
>>>> I spent some time searching for this and have not come up with much.
>>>>
>>>> Has anybody implemented or tried to implement user authorization (read:
>>>> limit users that may sign in) with Janrain?
>>>>
>>>> I think there are two possibilities here... The first possibility
>>>> falls under standard authorization where you define a "list" of users that
>>>> are authorized somewhere in db.auth* which is consulted at login. Of
>>>> course, there is a potential issue with impersonation where someone other
>>>> than the intended user registers a FaceBook, LinkedIn, etc account...
>>>>
>>>> The other path would be to either gate registration similar
>>>> to auth.settings.registration_requires_approval = True for builtin
>>>> authentication. That should be fairly easy to implement. OR.. Leave the
>>>> Janrain user creation alone and assign a group permission to controller
>>>> methods. The downside here is existing site code would have to be
>>>> refactored if someone wants to go from local auth to janrain. For
>>>> example,
>>>> @auth.requires_login() would have to become
>>>> @auth.requires_membership('authorized') for the same level of security.
>>>>
>>>> Would anybody (besides me) be interested in this?
>>>>
>>>> I could work up some code
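
Added example, not part of the thread and not web2py code: a stand-alone sketch of the allowlist kept in a database table and consulted as a separate authorization step after an external provider has authenticated the user. The table name, the function names and the "verifiedEmail" profile key are assumptions made for this illustration, and the sample profiles are constructed.

```python
import sqlite3

def open_allowlist(path=":memory:"):
    """Create (if needed) the admin-maintained table of authorized emails."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS authorized_email ("
               "email TEXT PRIMARY KEY, active INTEGER NOT NULL DEFAULT 1)")
    return db

def normalize(email):
    """Trim and lower-case so the lookup does not depend on how it was typed."""
    return (email or "").strip().lower()

def set_access(db, email, active=True):
    """Admin action: grant or revoke access without touching the login code."""
    db.execute("INSERT OR REPLACE INTO authorized_email(email, active) "
               "VALUES(?, ?)", (normalize(email), int(active)))
    db.commit()

def is_authorized(db, profile):
    """Authorization step, run after the provider has authenticated the user.

    Only an address the provider reports as verified is trusted (key name
    assumed here); a self-asserted address is ignored, so registering a
    social account under someone else's email does not pass the check.
    Default deny: missing field, unknown email or revoked row gives False.
    """
    email = normalize(profile.get("verifiedEmail"))
    if not email:
        return False
    row = db.execute("SELECT active FROM authorized_email WHERE email = ?",
                     (email,)).fetchone()
    return bool(row and row[0])

def demo():
    db = open_allowlist()
    set_access(db, "alice@example.test")
    set_access(db, "bob@example.test", active=False)   # revoked by the admin
    profiles = [  # constructed sample provider profiles
        {"providerName": "Google", "verifiedEmail": "Alice@Example.test"},
        {"providerName": "Facebook", "email": "alice@example.test"},  # unverified
        {"providerName": "Google", "verifiedEmail": "bob@example.test"},
        {"providerName": "LinkedIn", "verifiedEmail": "eve@example.test"},
    ]
    return [is_authorized(db, p) for p in profiles]

if __name__ == "__main__":
    print(demo())
```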

