Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Changes between Version 23 and Version 24 of IdentityManagement


Ignore:
Timestamp:
03/29/06 08:16:58 (13 years ago)
Author:
Fredlin
Comment:

protect sub-directory

Legend:

Unmodified
Added
Removed
Modified
  • IdentityManagement

    v23 v24  
    101101}}} 
    102102 
    103 === Step 7 - Revisit secured page and login === 
     103=== Step 7 - Revisit protected page and login === 
    104104 
    105105Browse to http://localhost:8080/ again and login, this time you should see the content of index page 
    106106 
    107107 
     108=== Extend - protect your sub-directory === 
     109 
     110To turn on identity login for an entire controller(restrict access to whole subdirectory), you should be able to derive from identity.SecureResource and define a require attribute at the class level.  
     111 
     112class MySecureController( turbogears.Controller,   
     113identity.SecureResource ): 
     114        require= identity.in_group( "admin" ) 
     115 
     116        # etc...  
     117 
     118You can apply whatever decorators you want on the methods of the Toxicologia instance. So each method could have additional restrictions. And Toxicologia could have SecureObjects as well. However, access to exposed methods of Toxicologia and any SecureObjects would have to satisfy the authorisation requirements for Toxicologia. 
     119 
    108120---- 
    109121 
    110122= Following contents haven't been re-processed yet = 
    111123 
    112 == Restricting Access to whole Subdirectory == 
    113  
    114 (from mailing list) 
    115  
    116 You should be able to restrict access to a subdirectory by subclassing SecureResource in your descendent objects. So you might have the following: 
    117  
    118 {{{ 
    119 #!python 
    120 class Toxicologia(controller.Controller, identity.SecureResource): 
    121      required_permissions= ["write"] 
    122      required_groups= ["admin"] 
    123      allowed_hosts= ["127.0.0.1"] 
    124      identity_required= True 
    125 }}} 
    126  
    127 You can apply whatever decorators you want on the methods of the Toxicologia instance. So each method could have additional restrictions. And Toxicologia could have SecureObjects as well. However, access to exposed methods of Toxicologia and any SecureObjects would have to satisfy the authorisation requirements for Toxicologia. 
    128  
    129 ---- 
    130124 
    131125== Specifying an 'or' type for group Access == 
     
    174168 
    175169---- 
    176  
    177 == FAQ's == 
    178  
    179 === How do I retrieve the userId in my application code? === 
    180  
    181 Actually you can access the entire User object by accessing turbogears.identity.current.user. This gives you access to the userId, displayName, emailAddress, and creation date. 
    182  
    183 === So, if I wanted to access the users’ group info, how would I do that? === 
    184  
    185 There are two ways you can access the group information. 
    186  
    187 '''1.''' Via the current identity object: 
    188 {{{ 
    189 #!python 
    190 from turbogears import identity 
    191 if 'admin' in identity.current.groups: 
    192     pass 
    193 }}} 
    194 '''2.''' Via the user object on the current identity: 
    195 {{{ 
    196 #!python 
    197 from turbogears import identity 
    198 if 'admin' in [g.groupId for g in identity.current.user.groups]: 
    199     pass 
    200 }}} 
    201  
    202 ''Option number 2 only works if your using a Model that supports groups on the user object. So, with the default model you’ll be set. Other models might not work so well.'' 
    203 ---- 
    204  
    205170 
    206171=== Note: Create the database === 
     
    260225}}} 
    261226 
     227---- 
     228 
     229== FAQ's == 
     230 
     231=== How do I retrieve the userId in my application code? === 
     232 
     233Actually you can access the entire User object by accessing turbogears.identity.current.user. This gives you access to the userId, displayName, emailAddress, and creation date. 
     234 
     235=== So, if I wanted to access the users’ group info, how would I do that? === 
     236 
     237There are two ways you can access the group information. 
     238 
     239'''1.''' Via the current identity object: 
     240{{{ 
     241#!python 
     242from turbogears import identity 
     243if 'admin' in identity.current.groups: 
     244    pass 
     245}}} 
     246'''2.''' Via the user object on the current identity: 
     247{{{ 
     248#!python 
     249from turbogears import identity 
     250if 'admin' in [g.groupId for g in identity.current.user.groups]: 
     251    pass 
     252}}} 
     253 
     254''Option number 2 only works if your using a Model that supports groups on the user object. So, with the default model you’ll be set. Other models might not work so well.'' 
     255---- 
     256 
     257 
    262258 
    263259