
Changes between Version 43 and Version 44 of IdentityManagement


Timestamp:
04/06/06 10:03:34 (13 years ago)
Author:
fredlin
Comment:

use CatWalk to add identity user, group

  • IdentityManagement

    v43 v44  
    1111PART 1 
    1212{{{ 
     13Add identity user and group 
    1314Use Identity in Controller 
    14 Restrict Access 
    1515Identity Management API 
    1616}}} 
     
    3232== PART 1 == 
    3333 
    34 == Use Identity in Controller == 
     34== Add identity user and group == 
    3535 
    3636=== Step 1 - Create new project ===  
     
    6868You can access any other pages without trouble, because we haven't "protect" those pages by identity decorator. 
    6969 
    70 === Step 4 - protect your pages === 
     70 
     71=== Step 4 - Create user and group === 
     72 
     73We just learn howto protect our page, but for now we can't access those protected pages any more.  
     74 
     75Since we haven't specify any user or groups for permissions, we need to add some user/group/admission to login to the protected pages. 
     76 
     77Using Catwalk is probably the easiest way to create user/group/permissions.  
     78 
     79==== 1. Import identity models ==== 
     80Modify the project_name/model.py 
     81 
     82{{{ 
     83#!python 
     84# Uncomment the following line if you wish to use Identity and SO_Provider 
     85from turbogears.identity.soprovider import TG_User, TG_Group, TG_Permission 
     86}}} 
     87 
     88to import the TG_User, TG_Group, TG_Permission model classes. 
     89 
     90==== 2. Use Catwalk to create user and group ==== 
     91 
     92Start {{{Turbogears}}} toolbox 
     93 
     94{{{ 
     95$tg-admin toolbox 
     96}}} 
     97 
     98Enter catwalk, Now you can see TG_Group, TG_Permission, TG_User classes in left side. 
     99use following steps to add proper group and user: 
     100 
     101===== 1. Add Group ===== 
     102Select TG_Group. 
     103 
     104Click "Add TG_Group+" button. 
     105 
     106Then add the displayName and groupId 
     107 
     108{{{ 
     109ex:  
     110displayName : Administrators 
     111groupId :admin 
     112}}} 
     113 
     114Press "Save" button 
     115 
     116===== 2. Add a new User ===== 
     117Select TG_User. 
     118 
     119Click "Add TG_User+" button. 
     120 
     121Then add user infomations 
     122 
     123{{{ 
     124ex:  
     125displayName : Fred Lin 
     126userId : root 
     127emailAddress : ooo@xxx.oo 
     128password : ooxx 
     129}}} 
     130 
     131Press "Save" button 
     132 
     133===== 3. Add the user to admin group ===== 
     134Now we are in the "Browse" tag, click the arrow sign in front of "groups".  
     135 
     136It will show a drop down list. In example, click "Manage Relations" to select the "administrators" group from right field to the "root" user.  
     137 
     138Click "Add Selected" to move selected group from right to left. Then click "Save" to confirm the process. 
     139 
     140---- 
     141 
     142== Use Identity in Controller == 
     143 
     144=== Step 1 - protect your pages === 
    71145You can protect your pages by using identity decorator(decorator usage is as the expose decorator "@turbogears.expose()" you've learned) 
    72146 
    73 '''1'''. Edit controllers.py 
     147'''1.''' Edit controllers.py 
    74148 
    75149Add this code on the top of the file: 
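Review bot: The new "Step 4 - Create user and group" text at lines 73-75 opens with "We just learn howto protect our page" and says the protected pages can no longer be reached, but this revision moves the protection step below it, to "Step 1 - protect your pages" at line 144, so a reader following the page in order has not protected anything yet. Either reword the opening to explain why the accounts are created first, or keep this section after the decorator step. The sample account at lines 125-128 (userId root, password ooxx, then added to the Administrators group at lines 133-138) is likely to be copied as is; a placeholder that tells the reader to choose their own password would be safer. Minor: "admission" at line 75 presumably means "permission", and "infomations" at line 121 is a typo.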
     
    80154}}} 
    81155 
    82 '''2'''. Protect Pages 
     156'''2.''' Protect Pages 
    83157 
    84158If you want to protect any method(page is just a python method), add an identity decorator over the method. 
     
    103177See the API section below.  
    104178 
    105 === Step 5 - Create a user and group === 
    106  
    107 We just learn howto protect our page, but for now we can't access those protected pages any more.  
    108  
    109 Since we haven't specify any user or groups for permissions, we need to add some user/group/admission to login to the protected pages. 
     179  
     180=== Step 2 - Revisit protected page and login === 
     181 
     182Browse to http://localhost:8080/ again and login, this time you should see the content of index page 
     183 
     184---- 
     185 
     186== API == 
     187 
     188=== Single Permission Control === 
     189 
     190You need to use the permission control functions in the {{{identity}}} namespace. For example: 
     191 
     192==== Restrict access groups ==== 
     193{{{ 
     194#!python 
     195@identity.require( identity.in_group( "admin" ) ) 
     196}}} 
     197 
     198Many people wanted something more flexible, any of the following are valid require decorators: 
     199 
     200{{{ 
     201#!python 
     202@identity.require( identity.in_all_groups( "admin", "editor" ) ) 
     203 
     204@identity.require( identity.in_any_group( "admin", "editor" ) ) 
     205 
     206@identity.require( identity.not_anonymous() ) 
     207 
     208}}} 
     209 
     210---- 
     211 
     212==== Restrict access permissions ==== 
     213 
     214{{{ 
     215#!python 
     216@identity.require( identity.has_permission( "edit" ) ) 
     217 
     218@identity.require( identity.has_all_permissions( "edit", "delete", "update" ) ) 
     219 
     220@identity.require( identity.has_any_permission( "edit", "delete", "update" ) ) 
     221}}} 
     222 
     223==== Restrict access host ==== 
     224{{{ 
     225#!python 
     226@identity.require( identity.from_host( "127.0.0.1" )) 
     227 
     228@identity.require( identity.from_any_host( , , )) 
     229}}} 
     230 
     231=== Combination Permission Control === 
     232 
     233You can combine several permissions by "Any" or "All": 
     234 
     235{{{ 
     236#!python 
     237     @identity.require( Any( identity.in_group( "admin" ), identity.has_permission( "edit" ) ) ) 
     238}}} 
     239 
     240The require decorator checked whether the visitor was a member of the "admin" group or had the "edit" permission. 
     241 
     242{{{ 
     243#!python 
     244     @identity.require( All( identity.from_host( "127.0.0.1" ), identity.has_permission( "edit" ) ) ) 
     245 
     246     @identity.require( All( identity.from_any_host( "127.0.0.1", "10.0.0.1"), identity.in_group("editor" ) ) ) 
     247}}} 
     248 
     249 
     250== Add user and group by shell == 
     251 
     252Use "tg-admin shell" if you can't get Catwalk set up. 
    110253 
    111254{{{ 
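Review bot: The host example moved in at line 228, @identity.require( identity.from_any_host( , , )), is not valid Python because its argument slots are empty; it is carried over unchanged from v43 line 188. Fill it with host strings the way line 246 does, identity.from_any_host( "127.0.0.1", "10.0.0.1"). The combination examples at lines 237-246 also use Any and All unqualified while every other predicate is written with the identity. prefix, so the section should either show the import or qualify the names. The sentence at line 240 ("checked", "was", "had") reads better in the present tense, since it describes what the decorator above it does.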
     
    122265}}} 
    123266 
    124  
    125 === Step 6 - Add the user to admin group === 
     267=== Add the user to admin group === 
    126268{{{ 
    127269#!python 
     
    137279}}} 
    138280 
    139 === Step 7 - Revisit protected page and login === 
    140  
    141 Browse to http://localhost:8080/ again and login, this time you should see the content of index page 
    142  
    143 #TODO using SQLAlchemy instead of SQLObject 
    144 #TODO LdapIdentityProvider 
    145  
    146 ---- 
    147  
    148 == API == 
    149  
    150 === Single Permission Control === 
    151  
    152 You need to use the permission control functions in the {{{identity}}} namespace. For example: 
    153  
    154 ==== Restrict access groups ==== 
    155 {{{ 
    156 #!python 
    157 @identity.require( identity.in_group( "admin" ) ) 
    158 }}} 
    159  
    160 Many people wanted something more flexible, any of the following are valid require decorators: 
    161  
    162 {{{ 
    163 #!python 
    164 @identity.require( identity.in_all_groups( "admin", "editor" ) ) 
    165  
    166 @identity.require( identity.in_any_group( "admin", "editor" ) ) 
    167  
    168 @identity.require( identity.not_anonymous() ) 
    169  
    170 }}} 
    171  
    172 ==== Restrict access permissions ==== 
    173  
    174 {{{ 
    175 #!python 
    176 @identity.require( identity.has_permission( "edit" ) ) 
    177  
    178 @identity.require( identity.has_all_permissions( "edit", "delete", "update" ) ) 
    179  
    180 @identity.require( identity.has_any_permission( "edit", "delete", "update" ) ) 
    181 }}} 
    182  
    183 ==== Restrict access host ==== 
    184 {{{ 
    185 #!python 
    186 @identity.require( identity.from_host( "127.0.0.1" )) 
    187  
    188 @identity.require( identity.from_any_host( , , )) 
    189 }}} 
    190  
    191 === Combination Permission Control === 
    192  
    193 You can combine several permissions by "Any" or "All": 
    194  
    195 {{{ 
    196 #!python 
    197      @identity.require( Any( identity.in_group( "admin" ), identity.has_permission( "edit" ) ) ) 
    198 }}} 
    199  
    200 The require decorator checked whether the visitor was a member of the "admin" group or had the "edit" permission. 
    201  
    202 {{{ 
    203 #!python 
    204      @identity.require( All( identity.from_host( "127.0.0.1" ), identity.has_permission( "edit" ) ) ) 
    205  
    206      @identity.require( All( identity.from_any_host( "127.0.0.1", "10.0.0.1"), identity.in_group("editor" ) ) ) 
    207 }}} 
    208  
    209  
    210281 
    211282---- 
     
    363434Setting identity by config has not implement yet. 
    364435 
    365 Using Catwalk is probably the easiest way to create user/group/permissions(But it doen't work in 0.92) Use this method if you can't get Catwalk set up. 
    366  
    367436Using tg-admin shell to add identity user/group is not work under 0.9a2. patch is [http://groups.google.com/group/turbogears/browse_thread/thread/e1cd7e5e8cb26bba/9f8ae06fbe07bd5a here] 
    368437 
    369438---- 
     439 
     440 
     441 
     442#TODO using SQLAlchemy instead of SQLObject 
     443 
     444#TODO LdapIdentityProvider
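Review bot: Removing v43 line 365 drops the page's only statement that Catwalk does not work in 0.92, while the new section at line 77 recommends Catwalk as "probably the easiest way" with no version caveat. If that limitation still holds, keep it next to the Catwalk steps; if it no longer applies, say so. The fallback pointer survives at line 252 ("Use "tg-admin shell" if you can't get Catwalk set up"), but line 436 still says the shell route does not work under 0.9a2, so the page should state which route works on which version.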