Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Changes between Version 38 and Version 39 of IdentityManagement


Ignore:
Timestamp:
04/04/06 14:41:26 (13 years ago)
Author:
fredlin
Comment:

syntax, typo refactor

Legend:

Unmodified
Added
Removed
Modified
  • IdentityManagement

    v38 v39  
    33Work Version: > 0.92a2 
    44 
    5 It's a short How To for getting TurboGears identity management support up and running. 
     5TurboGears identity management architecture was originally from [http://metrocat.org/nerd/2005/10/identity-management-for-turbogears Jeff Watkins], Here is a Tutorial for getting TurboGears identity management support up and running. 
    66 
    77Identity Management can be used in either controller or templates. 
    88 
    9 This How To is written from the perspective of a fresh quick-started project, but most everything applies for existing projects. 
     9For better understanding, The document has been split to 3 part, and covers following topics 
     10 
     11Use Identity in Controller 
     12Use Identity in Template 
     13Restrict Access 
     14Restrict group Access 
     15Customize ORM classes 
     16Retrieve logged users' identity infomation 
     17Identity Management API 
     18 
     19This Tutorial is written from the perspective of a fresh quick-started project, but most everything applies for existing projects. 
    1020 
    1121== PART 1 == 
     
    197207Identity checks can also be used in kid templates to control the present of stricted areas or links(within any html element). 
    198208 
    199 '''1'''. Import turbogears.identity 
     209=== Step 1. Import turbogears.identity === 
    200210 
    201211Make sure you import turbogears.identity in your template (anywhere before you call the turbogears.identity) 
     
    205215}}} 
    206216 
    207 '''2'''. Control the stricted areas 
     217===  Step 2. Control the stricted areas === 
    208218 
    209219We Control the stricted areas by using "py:if" statements: 
    210220 
    211 === Restrict access groups === 
     221==== Restrict access groups ==== 
    212222{{{ 
    213223<a py:if="'admin' in identity.current.groups" href="/test">This is a link for admin</a> 
    214224}}} 
    215225 
    216 === Restrict access permissions === 
     226==== Restrict access permissions ==== 
    217227{{{ 
    218228<div py:if="'write' in identity.current.permissions">This is a write permissions area</div> 
    219229}}} 
    220230 
    221 === Strict the group Access === 
     231---- 
     232 
     233== Restrict the group Access == 
    222234 
    223235There are three ways to Strict the group Access: 
    224236 
    225 '''1'''. Protect your sub-directory  
     237=== 1. Protect your sub-directory === 
    226238 
    227239To turn on identity login for an entire controller(restrict access to whole subdirectory), you should be able to derive your Controller from identity.SecureResource and define a require attribute at the class level. 
     
    237249You can apply whatever decorators you want on the methods of the Toxicologia instance. So each method could have additional restrictions. And Toxicologia could have SecureObjects as well. However, access to exposed methods of Toxicologia and any SecureObjects would have to satisfy the authorisation requirements for Toxicologia. 
    238250 
    239 '''2'''. Check the permissions explicitly 
     251=== 2. Check the permissions explicitly === 
    240252 
    241253Derive your Controller from identity.SecureResource and define a require attribute at the method level 
     
    266278}}} 
    267279 
    268 '''3'''. Write your own decorator function  
     280=== 3. Write your own decorator function === 
    269281 
    270282This is not for the faint at heart. But it gives you absolute flexibility.  
     
    277289== PART 3 == 
    278290 
    279 === Use different classes === 
    280 You can use your own class on Identity Management. 
    281  
    282 '''1'''. Create SQL tables   
     291== Customize ORM classes == 
     292You can use your own class to access database on Identity Management. 
     293 
     294=== 1. Create SQL tables === 
    283295 
    284296Run the application as Step 3. All TG_* tables will be created 
    285297 
    286 '''2'''. Edit project_name/config/app.cfg,  
     298=== 2. Edit project_name/config/app.cfg === 
    287299 
    288300Edit app.cfg, remove the comments from "identity.soprovider" lines.  
     
    301313Change model."User", "Group", "Permission" to whatever you prefer.  
    302314 
    303 '''3'''. Run the application  
     315=== 3. Run the application === 
    304316 
    305317Run the application again as in Step 3. Then you can use your classes to manipulate TurboGear Identity Management. 
    306318 
    307  * refer [http://groups.google.com/group/turbogears/browse_thread/thread/37fc2c8a1a2155ed/be061d37b3f1ba4c#be061d37b3f1ba4c mailing list] 
     319 * refer [http://groups.google.com/group/turbogears/browse_thread/thread/37fc2c8a1a2155ed/be061d37b3f1ba4c#be061d37b3f1ba4c  here] 
    308320 
    309321---- 
     
    337349---- 
    338350 
     351== Notes == 
     352Setting identity by config has not implement yet. 
    339353 
    340354Using Catwalk is probably the easiest way to create user/group/permissions(But it doen't work in 0.92) Use this method if you can't get Catwalk set up. 
    341355 
    342 Using tg-admin shell  to add identity user/group is not work under 0.9a2. patch is [http://groups.google.com/group/turbogears/browse_thread/thread/e1cd7e5e8cb26bba/9f8ae06fbe07bd5a here] 
    343  
    344 === Applying security settings, not from source code, but from configuration data === 
    345 (Not implement yet) 
    346  
    347 You should be able to specify security settings not only from source code but via some other means. The goal is to allow an administrator to set the security policy, not the programmer. 
    348 ---- 
    349  
    350  
    351   '''TurboGears identity management architecture was originally from [http://metrocat.org/nerd/2005/10/identity-management-for-turbogears Jeff Watkins' blog].''' 
    352  
     356Using tg-admin shell to add identity user/group is not work under 0.9a2. patch is [http://groups.google.com/group/turbogears/browse_thread/thread/e1cd7e5e8cb26bba/9f8ae06fbe07bd5a here] 
     357 
     358----