Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Changes between Version 11 and Version 12 of IdentityManagement


Ignore:
Timestamp:
01/02/06 16:35:56 (13 years ago)
Author:
sc@…
Comment:

Fixed information about the @identity.require decorator

Legend:

Unmodified
Added
Removed
Modified
  • IdentityManagement

    v11 v12  
    101101 
    102102@turbogears.expose( html="idtest.templates.secured" ) 
    103 @identity.require( group="admin" ) 
     103@identity.require( in_group="admin" ) 
    104104def secured( self ): 
    105105    return dict() 
     106}}} 
     107 
     108Note: You may need to revise the above code for the @identity.require decorator. In a [http://groups.google.com/group/turbogears/browse_thread/thread/8dc90943e2cce3ce/42de9e3ae86f7aaf?q=identity&rnum=1#42de9e3ae86f7aaf recent mailing list post], Jeff Watkins says: 
     109{{{ 
     110n the past you decorated your methods as such: 
     111 
     112     @turbogears.expose() 
     113     @identity.require( group="admin", permission="foo,bar" ) 
     114 
     115The require decorator checked whether the visitor was a member of the   
     116admin group AND had the permission foo AND had the permission bar. 
     117 
     118Many people wanted something more flexible, and with revision 400,   
     119any of the following are valid require decorators: 
     120 
     121     @identity.require( in_group( "admin" ) ) 
     122     @identity.require( in_all_groups( "admin", "editor" ) ) 
     123     @identity.require( in_any_group( "admin", "editor" ) ) 
     124     @identity.require( has_permission( "edit" ) ) 
     125     @identity.require( has_all_permissions( "edit", "delete",   
     126"update" ) ) 
     127     @identity.require( has_any_permission( "edit", "delete",   
     128"update" ) ) 
     129 
     130But most importantly, you can use decorators like theses: 
     131 
     132     @identity.require( Any( in_group( "admin" ), has_permission 
     133( "edit" ) ) ) 
     134     @identity.require( All( from_host( "127.0.0.1" ), has_permission 
     135( "edit" ) ) ) 
     136     @identity.require( All( from_any_host( "127.0.0.1", "10.0.0.1" ), 
     137                        in_group( "editor" ) ) ) 
     138 
     139You can also use these same predicates in your own code: 
     140 
     141     if in_group( "admin" ) and has_permission( "edit" ): 
     142         pass 
     143     else: 
     144         pass 
     145 
     146I still haven't addressed the need for something like `is_owner`,   
     147because that seems *so* model specific.  
    106148}}} 
    107149