Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Ticket #1583 (closed enhancement: wontfix)

Opened 12 years ago

Last modified 11 years ago

[PATCH] Extending identity with special groups

Reported by: cdevienne Owned by: anonymous
Priority: normal Milestone:
Component: Identity Version: 1.0.3
Severity: normal Keywords:
Cc:

Description

Here is a first patch against the 1.0 branch which implement the "SpecialGroup" feature I  describe on the group.

Using it

After applying the patch, quickstart a new sa-based project with identity enabled:

 tg-admin quickstart -s -i Foo foo

Restrict the use of the welcome page with a permission in controller.py :

class Root(controllers.RootController):
    @expose(template="youpi.templates.welcome")
    @identity.require(identity.has_permission("privileged_access"))
    def index(self):

After create the database, give that permission to visitors connected from local machine (from tg-admin shell) :

from turbogears.identity.conditions import from_host

g = SpecialGroup()
g.group_id = 1
g.group_name = 'LocalMachineVisitors'
g.display_name = 'Local visitors'
g.predicate = from_host('127.0.0.1')

session.save(g)

p = Permission(p)
p.permission_id = 1
p.permission_name = 'privileged_access'
p.special_groups.append(g)

session.save(p)

session.flush()

start the app, and try to connect from localhost, and then from another machine.

Limitations

  • The patch is SQLAlchemy only
  • New predicates testing special groups should be added
  • I'm not sure the name "SpecialGroup" is the most adequate.

Attachments

special_group.patch Download (6.2 KB) - added by cdevienne 12 years ago.

Change History

Changed 12 years ago by cdevienne

comment:1 Changed 12 years ago by cdevienne

Sorry I made a mistake in the permission creation script.

Fixed version is :

from turbogears.identity.conditions import from_host

g = SpecialGroup()
g.group_id = 1
g.group_name = 'LocalMachineVisitors'
g.display_name = 'Local visitors'
g.predicate = from_host('127.0.0.1')

session.save(g)

p = Permission()
p.permission_id = 1
p.permission_name = 'privileged_access'
p.special_groups.append(g)

session.save(p)

session.flush()

comment:2 Changed 11 years ago by Chris Arndt

  • Status changed from new to closed
  • Resolution set to wontfix

This is a nice idea but can be implemented as a  TurboGears extension in two parts:

  1. An  Identity Provider plug-in
  2. A  quickstart template

and then published through the  CogBin.

I think yours is not a general requirement enough to justify including this in the TG core.

Alternatively, you are welcome to include this code on the  Identity recipes page in the documentation wiki.

Note: See TracTickets for help on using tickets.