Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Changes between Version 32 and Version 33 of IdentityManagement


Ignore:
Timestamp:
04/02/06 23:02:23 (13 years ago)
Author:
fredlin
Comment:

APIs

Legend:

Unmodified
Added
Removed
Modified
  • IdentityManagement

    v32 v33  
    112112Browse to http://localhost:8080/ again and login, this time you should see the content of index page 
    113113 
     114---- 
     115 
     116== API == 
     117 
     118=== Single Permission Control === 
     119 
     120You need to use the permission control functions in the {{{identity}}} namespace. For example: 
     121 
     122{{{ 
     123#!python 
     124@identity.require( identity.in_group( "admin" ) ) 
     125}}} 
     126 
     127Many people wanted something more flexible, any of the following are valid require decorators: 
     128 
     129{{{ 
     130#!python 
     131@identity.require( identity.in_all_groups( "admin", "editor" ) ) 
     132 
     133@identity.require( identity.in_any_group( "admin", "editor" ) ) 
     134 
     135@identity.require( identity.has_permission( "edit" ) ) 
     136 
     137@identity.require( identity.has_all_permissions( "edit", "delete", "update" ) ) 
     138 
     139@identity.require( identity.has_any_permission( "edit", "delete", "update" ) ) 
     140}}} 
     141 
     142=== Combination Permission Control === 
     143 
     144You can use decorators like theses: 
     145 
     146{{{ 
     147#!python 
     148     @identity.require( Any( identity.in_group( "admin" ), identity.has_permission( "edit" ) ) ) 
     149}}} 
     150 
     151The require decorator checked whether the visitor was a member of the  
     152admin group AND had the permission foo AND had the permission bar. 
     153 
     154{{{ 
     155#!python 
     156     @identity.require( All( identity.from_host( "127.0.0.1" ), identity.has_permission 
     157( "edit" ) ) ) 
     158     @identity.require( All( identity.from_any_host( "127.0.0.1", "10.0.0.1" ),identity.in_group( "editor" ) ) ) 
     159}}} 
     160 
     161 
     162You can also use these same predicates in your own code: 
     163{{{ 
     164#!python 
     165     if identity.in_group( "admin" ) and identity.has_permission( "edit" ): 
     166         pass 
     167     else: 
     168         pass 
     169 
     170}}} 
     171 
     172---- 
     173 
     174 
    114175 
    115176== Extend == 
     
    220281---- 
    221282 
    222 === Note: Create the database === 
    223 In stead of step 3, you can create database manually 
    224 {{{ 
    225 $ tg-admin sql sql 
    226 }}} 
    227  
    228 {{{ 
    229 In the past you decorated your methods as such: 
    230  
    231      @turbogears.expose() 
    232      @identity.require( group="admin", permission="foo,bar" ) 
    233  
    234 The require decorator checked whether the visitor was a member of the   
    235 admin group AND had the permission foo AND had the permission bar. 
    236  
    237 Many people wanted something more flexible, and with revision 400,   
    238 any of the following are valid require decorators: 
    239  
    240      @identity.require( in_group( "admin" ) ) 
    241      @identity.require( in_all_groups( "admin", "editor" ) ) 
    242      @identity.require( in_any_group( "admin", "editor" ) ) 
    243      @identity.require( has_permission( "edit" ) ) 
    244      @identity.require( has_all_permissions( "edit", "delete",   
    245 "update" ) ) 
    246      @identity.require( has_any_permission( "edit", "delete",   
    247 "update" ) ) 
    248  
    249 But most importantly, you can use decorators like theses: 
    250  
    251      @identity.require( Any( in_group( "admin" ), has_permission 
    252 ( "edit" ) ) ) 
    253      @identity.require( All( from_host( "127.0.0.1" ), has_permission 
    254 ( "edit" ) ) ) 
    255      @identity.require( All( from_any_host( "127.0.0.1", "10.0.0.1" ), 
    256                         in_group( "editor" ) ) ) 
    257  
    258 You can also use these same predicates in your own code: 
    259  
    260      if in_group( "admin" ) and has_permission( "edit" ): 
    261          pass 
    262      else: 
    263          pass 
    264  
    265 I still haven't addressed the need for something like `is_owner`,   
    266 because that seems *so* model specific.  
    267 }}} 
    268  
    269 However, you may need to use the in_group, in_all_groups, etc. functions in the {{{identity}}} namespace. For example: 
    270 {{{ 
    271 @identity.require( in_group( "admin" ) ) 
    272 }}} 
    273 changes to 
    274 {{{ 
    275 @identity.require( identity.in_group( "admin" ) ) 
    276 }}} 
    277  
    278 ---- 
    279283 
    280284== FAQ's ==