Changeset 1252

Timestamp:

04/26/06 15:18:30 (3 years ago)

Author:

kevin

Message:

the identity model is now placed in a quickstart project.

Files:

• branches/1.0/CHANGELOG.txt (modified) (2 diffs)
• branches/1.0/CONTRIBUTORS.txt (modified) (1 diff)
• branches/1.0/plugins/json/turbojson/jsonify.py (modified) (2 diffs)
• branches/1.0/turbogears/command/quickstart.py (modified) (9 diffs)
• branches/1.0/turbogears/identity/__init__.py (modified) (3 diffs)
• branches/1.0/turbogears/identity/soprovider.py (modified) (13 diffs)
• branches/1.0/turbogears/qstemplates/quickstart/+package+/config/app.cfg_tmpl (modified) (6 diffs)
• branches/1.0/turbogears/qstemplates/quickstart/+package+/controllers.py_tmpl (modified) (3 diffs)
• branches/1.0/turbogears/qstemplates/quickstart/+package+/json.py_tmpl (added)
• branches/1.0/turbogears/qstemplates/quickstart/+package+/model.py_tmpl (modified) (2 diffs)
• branches/1.0/turbogears/qstemplates/quickstart/+package+/tests/test_model.py_tmpl (modified) (2 diffs)

branches/1.0/CHANGELOG.txt

@@ -16 +16 @@
-  permissionId to be user\_name, group\_name, and permission_name.
-* visit\_id has been deprecated in favor of visit_key
+
+*Changes*
+
+* Identity model classes are now placed directly into the model.py of
+  a quickstarted project. This new setup is much easier to change,
+  since requirements for the identity model vary dramatically. Another
+  advantage is that quickstart projects that don't need identity
+  start off with cleaner code, and projects that do need identity
+  need almost no additional configuration or setup.
+* quickstart projects include a "json.py" file as a home for JSON
+  view code.
-
-*Fixes*
@@ -35 +46 @@
-
-Alberto Valverde González, Jeff Watkins, Max Ischenko, Michele Cella, 
-ost Moesker, Joseph Tate, Andrey Lebedev,
-
+rge Vargas, Joost Moesker, Joseph Tate, 
+Andrey Lebedev, 
-
-0.9a4 (April 5, 2006)

branches/1.0/CONTRIBUTORS.txt

@@ -18 +18 @@
-* Alberto Valverde
-* Lee McFadden
+* Jorge Godoy
-* Ondrej Zara (author of WWW SQL Designer)
-

branches/1.0/plugins/json/turbojson/jsonify.py

@@ -32 +32 @@
-    result['id'] = obj.id
-    for name in obj.sqlmeta.columns.keys():
-jsonify(getattr(obj, name)
+getattr(obj, name
-    return result
-jsonify_sqlobject = jsonify.when(
@@ -48 +48 @@
-
-def jsonify_select_results(obj):
-jsonify_
+
-jsonify_select_results = jsonify.when(
-        'isinstance(obj, sqlobject.SQLObject.SelectResultsClass)')(

branches/1.0/turbogears/command/quickstart.py

@@ -40 +40 @@
-                            "quickstart")
-    summary = "web framework"
+    use_cheetah = True
-   
-
@@ -88 +89 @@
-    package = None
-    templates = "turbogears"
+    identity = None
-    
-    def __init__(self, version):
-
-
-
+
+
+
+
+
-            dest="package")
-
+
+
-            action="store_true", dest="dry_run")
-
+
+
-            dest="templates", default = self.templates)
+        parser.add_option("-i", "--identity", 
+            help="identity provider to use (sqlobject (default),"
+                 " sqlalchemy, none)",
+            dest="identity", default = self.identity)
+
-        (options, args) = parser.parse_args()
-        self.__dict__.update(options.__dict__)
@@ -118 +129 @@
-                self.package = package
-
+        while not self.identity:
+            self.identity = raw_input("Choose an identity provider sqlobject, sqlalchemy or none [sqlobject]: ").lower()
+            if not self.identity:
+                self.identity = "sqlobject"
+            if self.identity not in ["sqlobject", "sqlalchemy", "none"]:
+                print "Please enter one of 'sqlobject', 'sqlalchemy' or " \
+                      " 'none'"
+                self.identity = ""
+                continue
+    
-        self.name = pkg_resources.safe_name(self.name)
-
@@ -138 +159 @@
-            print("A directory called '%s' already exists. Exiting."
-                      % self.name)
-
-
+
+
+
-        command = create_distro.CreateDistroCommand("create")
-        cmd_args = []
@@ -146 +168 @@
-        cmd_args.append(self.name)
-        cmd_args.append("package=%s" %self.package)
+        cmd_args.append("identity=%s" %self.identity)
-        if self.dry_run:
-            cmd_args.append("--simulate")
@@ -175 +198 @@
-    name = None
-    templates = "turbogears"
+    identity = None
-    
-    def __init__(self, version):
@@ -181 +205 @@
-        parser.add_option("-t", "--templates", help="user specific templates",
-            dest="templates", default=self.templates)
+        parser.add_option("-i", "--identity", 
+            help="identity provider to use (sqlobject (default),"
+                 " sqlalchemy, none)",
+            dest="identity", default = self.identity)
-        (options, args) = parser.parse_args()
-        self.__dict__.update(options.__dict__)
@@ -189 +217 @@
-        self.name = turbogears.util.get_project_name()
-        self.package = turbogears.util.get_package_name()
+        if not self.identity:
+            self.identity = turbogears.config.get("identity.provider", 
+                                                  "none")
-        currentdir = os.path.basename(os.getcwd())
-        if not currentdir == self.name:
@@ -205 +236 @@
-            cmd_args.append(self.name)
-            cmd_args.append("package=%s" %self.package)
+            cmd_args.append("identity=%s" %self.identity)
-            command.run(cmd_args)
-

branches/1.0/turbogears/identity/__init__.py

@@ -13 +13 @@
-from turbogears.util import request_available
-from turbogears.identity.exceptions import *
-
-
-def create_default_provider():
@@ -107 +106 @@
-from turbogears.identity.conditions import *
-
+def encrypt_password(cleartext):
+    # this next one ultimately needs to change to support SQLAlchemy
+    from turbogears.identity.soprovider import encrypt_password
+    return encrypt_password(cleartext)
+
-# declare what should be exported
-__all__ = [ "IdentityManagementNotEnabledException",
@@ -114 +118 @@
-            "set_current_identity", "set_current_provider",
-            "set_identity_errors", "get_identity_errors",
-
+, "encrypt_password"

branches/1.0/turbogears/identity/soprovider.py

@@ -3 +3 @@
-import random
-
-*
+jsonify_sqlobject, jsonify
-from sqlobject import *
-from sqlobject.inheritance import InheritableSQLObject
@@ -49 +49 @@
-group_class= None
-permission_class= None
+visit_class = None
-
-class SqlObjectIdentity(object):
@@ -65 +66 @@
-        # a _user attribute, even if the value is None.
-        try:
-TG_VisitIdentity
+visit_class
-        except SQLObjectNotFound:
-            # The visit ID is invalid
@@ -122 +123 @@
-            return
-        try:
-TG_VisitIdentity
+visit_class
-            visit.destroySelf()
-            # Clear the current identity
@@ -141 +142 @@
-        get=turbogears.config.get
-        
-
+, visit_class
-        
-        user_class_path= get( "identity.soprovider.model.user", 
@@ -150 +151 @@
-        if user_class:
-            log.info("Succesfully loaded \"%s\"" % user_class_path)
+            
-        group_class_path= get( "identity.soprovider.model.group",
-                                __name__ + ".TG_Group" )
@@ -155 +157 @@
-        if group_class:
-            log.info("Succesfully loaded \"%s\"" % group_class_path)
+            
-        permission_class_path= get( "identity.soprovider.model.permission",
-                                    __name__ + ".TG_Permission" )
@@ -160 +163 @@
-        if permission_class:
-            log.info("Succesfully loaded \"%s\"" % permission_class_path)
+        
+        visit_class_path= get( "visit.soprovider.model",
+                                __name__ + ".TG_VisitIdentity" )
+        visit_class= load_class(visit_class_path)
+        if visit_class:
+            log.info("Succesfully loaded \"%s\"" % visit_class_path)
+        
-            
-        # Default encryption algorithm is to use plain text passwords
@@ -177 +187 @@
-            group_class.createTable(ifNotExists=True)
-            permission_class.createTable(ifNotExists=True)
-TG_VisitIdentity
+visit_class
-            hub.commit()
-            hub.end()
@@ -204 +214 @@
-            # Link the user to the visit
-            try:
-TG_VisitIdentity
+visit_class
-                link.user_id= user.id
-            except SQLObjectNotFound:
-TG_VisitIdentity
+visit_class
-            return SqlObjectIdentity( visit_key, user )
-            
@@ -275 +285 @@
-def jsonify_group(obj):
-    result = jsonify_sqlobject( obj )
-jsonify( [u.user_name for u in obj.users] )
-jsonify( [p.permission_name for p in obj.permissions] )
+[u.user_name for u in obj.users]
+[p.permission_name for p in obj.permissions]
-    return result
-
@@ -334 +344 @@
-    result = jsonify_sqlobject( obj )
-    del result['password']
-jsonify( [g.group_name for g in obj.groups] )
-jsonify( [p.permission_name for p in obj.permissions] )
+[g.group_name for g in obj.groups]
+[p.permission_name for p in obj.permissions]
-    return result
-
@@ -358 +368 @@
-def jsonify_permission(obj):
-    result = jsonify_sqlobject( obj )
-jsonify( [g.group_name for g in obj.groups] )
+[g.group_name for g in obj.groups]
-    return result
-
-jsonify_permission = jsonify.when(
-        'isinstance(obj, TG_Permission)')(jsonify_permission)
+
+def encrypt_password(cleartext_password):
+    try:
+        hash = identity.current_provider.\
+                            encrypt_password(cleartext_password)
+    except identity.exceptions.RequestRequiredException:
+        # Creating identity provider just to encrypt password
+        # (so we don't reimplement the encryption step).
+        ip = SqlObjectIdentityProvider()
+        hash = ip.encrypt_password(cleartext_password)
+        if hash == cleartext_password:
+            log.info("Identity provider not enabled, and no encryption "
+                    "algorithm "
+                    "specified in config.  Setting password as plaintext.")
+    return hash

branches/1.0/turbogears/qstemplates/quickstart/+package+/config/app.cfg_tmpl

@@ -34 +34 @@
-# tg.mochikit_all = False
-
+#if $identity != 'none'
-# VISIT TRACKING
-# Each visit to your application will be assigned a unique visit ID tracked via
@@ -40 +41 @@
-
-# Enable Visit tracking
-# visit.on=Fals
+visit.on=Tru
-
-# Number of minutes a visit may be idle before it expires.
@@ -58 +59 @@
-
-# The name of the VisitManager plugin to use for visitor tracking.
-# visit.manager="sqlobject
+visit.manager="${identity}
-
+#if $identity == "sqlobject"
+# Database class to use for visit tracking
+visit.soprovider.model = "${package}.model.VisitIdentity"
+#else if $identity == "sqlalchemy"
+# Database class to use for visit tracking
+visit.saprovider.model = "${package}.model.VisitIdentity"
+#end if
-
-# IDENTITY
@@ -66 +74 @@
-
-# Switch to turn on or off the Identity management module
-# identity.on=Fals
+identity.on=Tru
-
-# [REQUIRED] URL to which CherryPy will internally redirect when an access
-# control check fails. If Identity management is turned on, a value for this
-# option must be specified.
-
+
-
-
-
-
+
-
-# The names of the fields on the login form containing the visitor's user ID
@@ -90 +96 @@
-# identity.source="form,http_auth,visit"
-
-
+
-# SqlObjectIdentityProvider
-# Configuration options for the default IdentityProvider
-# -------------------------
-
-
-
-
-
+
-# SQL keywords for class names (at least unless you specify a different table
-# name using sqlmeta).
-# identity.soprovider.model.user="${package}.model.MyUserClass
-# identity.soprovider.model.group="${package}.model.MyGroupClass
-# identity.soprovider.model.permission="${package}.model.MyPermissionClass
+identity.soprovider.model.user="${package}.model.User
+identity.soprovider.model.group="${package}.model.Group
+identity.soprovider.model.permission="${package}.model.Permission
-
-# The password encryption algorithm used when comparing passwords against what's
@@ -117 +120 @@
-
-# identity.soprovider.encryption_algorithm=None
+#else 
+# SqlAlchemyIdentityProvider
+# Configuration options for the default IdentityProvider
+# -------------------------
-
+# The classes you wish to use for your Identity model. Remember to not use reserved
+# SQL keywords for class names (at least unless you specify a different table
+# name using sqlmeta).
+identity.saprovider.model.user="${package}.model.User"
+identity.saprovider.model.group="${package}.model.Group"
+identity.saprovider.model.permission="${package}.model.Permission"
+
+# The password encryption algorithm used when comparing passwords against what's
+# stored in the database. Valid values are 'md5' or 'sha1'. If you do not
+# specify an encryption algorithm, passwords are expected to be clear text.
+#
+# The SqlAlchemyProvider *will* encrypt passwords supplied as part of your login
+# form.  If you set the password through the password property, like:
+# my_user.password = 'secret'
+# the password will be encrypted in the database, provided identity is up and 
+# running, or you have loaded the configuration specifying what encryption to
+# use (in situations where identity may not yet be running, like tests).
+
+# identity.saprovider.encryption_algorithm=None
+#end if
+#end if
-[/static]
-static_filter.on = True

branches/1.0/turbogears/qstemplates/quickstart/+package+/controllers.py_tmpl

@@ -3 +3 @@
-from turbogears import controllers, expose, redirect
-from turbogears import identity
+
+from ${package} import json
-
-class Root(controllers.RootController):
@@ -9 +11 @@
-        import time
-        return dict(now=time.ctime())
+#if $identity != "none"
-
-    @expose(template="${package}.templates.login")
@@ -37 +40 @@
-        identity.current.logout()
-        raise redirect("/")
+#end if

branches/1.0/turbogears/qstemplates/quickstart/+package+/model.py_tmpl

@@ +1 @@
+#if $identity != "none"
+from datetime import datetime
+
+#end if
-from sqlobject import *
-from turbogears.database import PackageHub
-
-
+
+
+
-
-hub = PackageHub("${package}")
@@ -9 +14 @@
-# class YourDataClass(SQLObject):
-#     pass
+
+
+#if $identity=="sqlobject"
+
+class VisitIdentity(SQLObject):
+    visit_key = StringCol( length=40, alternateID=True,
+                          alternateMethodName="by_visit_key" )
+    user_id = IntCol()
+
+
+class Group(SQLObject):
+    """
+    An ultra-simple group definition.
+    """
+    
+    # names like "Group" and "Order" are reserved words in SQL
+    # so we set the name to something safe for SQL
+    class sqlmeta:
+        table="tg_group"
+    
+    group_name = UnicodeCol( length=16, alternateID=True,
+                            alternateMethodName="by_group_name" )
+    display_name = UnicodeCol( length=255 )
+    created = DateTimeCol( default=datetime.now )
+
+    # collection of all users belonging to this group
+    users = RelatedJoin( "User", intermediateTable="user_group",
+                        joinColumn="group_id", otherColumn="user_id" )
+
+    # collection of all permissions for this group
+    permissions = RelatedJoin( "Permission", joinColumn="group_id", 
+                              intermediateTable="group_permission",
+                              otherColumn="permission_id" )
+
+
+class User(SQLObject):
+    """
+    Reasonably basic User definition. Probably would want additional attributes.
+    """
+    user_name = UnicodeCol( length=16, alternateID=True,
+                           alternateMethodName="by_user_name" )
+    email_address = UnicodeCol( length=255, alternateID=True,
+                               alternateMethodName="by_email_address" )
+    display_name = UnicodeCol( length=255 )
+    password = UnicodeCol( length=40 )
+    created = DateTimeCol( default=datetime.now )
+
+    # groups this user belongs to
+    groups = RelatedJoin( "Group", intermediateTable="user_group",
+                         joinColumn="user_id", otherColumn="group_id" )
+
+    def _get_permissions( self ):
+        perms = set()
+        for g in self.groups:
+            perms = perms | set(g.permissions)
+        return perms
+        
+    def _set_password( self, cleartext_password ):
+        "Runs cleartext_password through the hash algorithm before saving."
+        hash = identity.encrypt_password(cleartext_password)
+        self._SO_set_password(hash)
+        
+    def set_password_raw( self, password ):
+        "Saves the password as-is to the database."
+        self._SO_set_password(password)
+
+
+
+class Permission(SQLObject):
+    permission_name = UnicodeCol( length=16, alternateID=True,
+                                 alternateMethodName="by_permission_name" )
+    description = UnicodeCol( length=255 )
+    
+    groups = RelatedJoin( "Group",
+                        intermediateTable="group_permission",
+                         joinColumn="permission_id", 
+                         otherColumn="group_id" )
+
+
+#else if $identity=="sqlalchemy"
+from sqlalchemy.ext.activemapper import *
+
+# tables for SQLAlchemy identity
+user_group = Table( "user_group", __engine__, 
+                      Column( "user_id", Integer,
+                              ForeignKey("user.user_id"),
+                              primary_key=True ),
+                      Column( "group_id", Integer,
+                              ForeignKey("group.group_id"),
+                              primary_key=True ) )
+                      
+group_permission = Table( "group_permission", __engine__,
+                            Column( "group_id", Integer,
+                                    ForeignKey("group.group_id"),
+                                    primary_key=True ),
+                            Column( "permission_id", Integer,
+                                ForeignKey("permission.permission_id"),
+                                    primary_key=True ) )
+
+
+class VisitIdentity(ActiveMapper):
+    class mapping:
+        __table__="visit_identity"
+        visit_key = column( String, # foreign_key="visit.visit_key",
+                          primary_key=True )
+        user_id = column( Integer, foreign_key="user.user_id", index=True )
+
+
+class Group(ActiveMapper):
+    """
+    An ultra-simple group definition.
+    """
+    class mapping:
+        __table__="tg_group"
+        group_id = column( Integer, primary_key=True )
+        group_name = column( Unicode(16), unique=True )
+        display_name = column( Unicode(255) )
+        created = column( DateTime, default=datetime.now )
+
+        users = many_to_many( "User", user_group, backref="groups" )
+        permissions = many_to_many( "Permission", group_permission,
+                                   backref="groups" )
+
+
+class User(ActiveMapper):
+    """
+    Reasonably basic User definition. Probably would want additional attributes.
+    """
+    class mapping:
+        __table__="user"
+        user_id = column( Integer, primary_key=True )
+        user_name = column( Unicode(16), unique=True )
+        email_address = column( Unicode(255), unique=True )
+        display_name = column( Unicode(255) )
+        password = column( Unicode(40) )
+        created = column( DateTime, default=datetime.now )
+
+        groups = many_to_many( "Group", user_group, backref="users" )
+
+    @property
+    def permissions( self ):
+        perms = set()
+        for g in self.groups:
+            perms = perms | set(g.permissions)
+        return perms
+        
+
+class Permission(ActiveMapper):
+    class mapping:
+        __table__="permission"
+        permission_id = column( Integer, primary_key=True )
+        permission_name = column( Unicode(16), unique=True )
+        description = column( Unicode(255) )
+        
+        groups = many_to_many( "Group", group_permission,
+                              backref="permmissions" )
+#end if

branches/1.0/turbogears/qstemplates/quickstart/+package+/tests/test_model.py_tmpl

@@ -6 +6 @@
-
-from turbogears import testutil
-
-
+
-
-# database.set_db_uri("sqlite:///:memory:")
@@ -13 +12 @@
-# class testTG_User(testutil.DBTest):
-#     def get_model(self):
-TG_
+
-#
-#     def test_creation(self):
-#         "Object creation should set the name"
-TG_
+
-#                       email_address = "spam@python.not",
-#                       display_name = "Mr Creosote",