Ticket #1583 (closed enhancement: wontfix)

Opened 1 year ago

Last modified 1 month ago

[PATCH] Extending identity with special groups

Reported by: cdevienne Assigned to: anonymous
Priority: normal Milestone:
Component: Identity Version: 1.0.3
Severity: normal Keywords:
Cc:

Description

Here is a first patch against the 1.0 branch which implement the "SpecialGroup" feature I describe on the group.

Using it

After applying the patch, quickstart a new sa-based project with identity enabled: 

 tg-admin quickstart -s -i Foo foo

Restrict the use of the welcome page with a permission in controller.py : 

class Root(controllers.RootController):
    @expose(template="youpi.templates.welcome")
    @identity.require(identity.has_permission("privileged_access"))
    def index(self):

After create the database, give that permission to visitors connected from local machine (from tg-admin shell) : 

from turbogears.identity.conditions import from_host

g = SpecialGroup()
g.group_id = 1
g.group_name = 'LocalMachineVisitors'
g.display_name = 'Local visitors'
g.predicate = from_host('127.0.0.1')

session.save(g)

p = Permission(p)
p.permission_id = 1
p.permission_name = 'privileged_access'
p.special_groups.append(g)

session.save(p)

session.flush()

start the app, and try to connect from localhost, and then from another machine.

Limitations

  • The patch is SQLAlchemy only
  • New predicates testing special groups should be added
  • I'm not sure the name "SpecialGroup" is the most adequate.

Attachments

special_group.patch (6.2 kB) - added by cdevienne on 09/27/07 12:13:07.

Change History

09/27/07 12:13:07 changed by cdevienne

  • attachment special_group.patch added.

09/27/07 12:20:59 changed by cdevienne

Sorry I made a mistake in the permission creation script.

Fixed version is : 

from turbogears.identity.conditions import from_host

g = SpecialGroup()
g.group_id = 1
g.group_name = 'LocalMachineVisitors'
g.display_name = 'Local visitors'
g.predicate = from_host('127.0.0.1')

session.save(g)

p = Permission()
p.permission_id = 1
p.permission_name = 'privileged_access'
p.special_groups.append(g)

session.save(p)

session.flush()

08/28/08 16:31:40 changed by Chris Arndt

  • status changed from new to closed.
  • resolution set to wontfix.

This is a nice idea but can be implemented as a TurboGears extension in two parts:

  1. An Identity Provider plug-in
  2. A quickstart template

and then published through the CogBin.

I think yours is not a general requirement enough to justify including this in the TG core.

Alternatively, you are welcome to include this code on the Identity recipes page in the documentation wiki.