wiki:IdentityManagement
Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Version 3 (modified by anonymous, 9 years ago) (diff)

--

This was ripped from  Jeff Watkins' blog.

...with a little changes to play nice with latest svn [as of 6th Nov 2005]

I just committed the code for the TurboGears identity management support (revision 89). And because this is such new code, I thought it might be helpful to include a short How To for getting everything up and running.

This How To is written from the perspective of a fresh quick-started project, but most everything applies for existing projects.

Step 1 Create new project (idtest). Set dburi.

Step 2 Edit idtest.egg-info/sqlobject.txt

db_module=idtest.model,  turbogears.identity.model.somodel

Step 3 Create login.kid

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml"
        xmlns:py="http://purl.org/kid/ns#"
        py:extends="'master.kid'">

    <head>
        <meta content="text/html; charset=UTF-8"
            http-equiv="content-type" py:replace="''"/>
        <title>Login to TurboGears</title>
    </head>

    <body>
        <h2>Login</h2>
        <p>${message}</p>
        <form action="${previous_url}" method="POST">
            <label for="user_name">User Name:</label>
            <input type="text" id="user_name" name="user_name"/><br/>

            <label for="password">Password:</label>
            <input type="password" id="password" name="password"/><br/>

            <input type="submit" value="Login"/>
        </form>
    </body>
    </html>

Step 4 Create secured.kid

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
   xmlns:py="http://purl.org/kid/ns#"
   py:extends="'master.kid'">

<head>
    <meta content="text/html; charset=UTF-8"
        http-equiv="content-type" py:replace="''"/>
   <title>Welcome to Secured TurboGears</title>
</head>

<body>
    <h2>Secure!</h2>
    <p>This page is secured.</p>
</body>
</html>

Step 5 Modify controllers.py

from turbogears import identity
import cherrypy

@turbogears.expose( html="idtest.templates.login" )
def login( self, *args, **kw ):
    if hasattr(cherrypy.request,"identity_exception"):
        msg= str(cherrypy.request.identity_exception)
    else:
        msg= "Please log in"
    cherrypy.response.status=403
    return dict( message=msg, previous_url=cherrypy.request.path )
    #to preserve the session you may want to return this instead:
    #return dict( message = msg, previous_url = turbogears.url( cherrypy.request.path, cherrypy.request.paramMap ) )

@turbogears.expose( html="idtest.templates.secured" )
@identity.require( group="admin" )
def secured( self ):
    return dict()

Step 6 Turn on Identity management and configure failure url in dev.cfg

[global]
identity.on=True
identity.failure_url="/login"

Step 7 Create the database

tg-admin sql create

Step 8 Create a user and group

tg-admin shell

Python 2.4.1 (#2, Mar 31 2005, 00:05:10) 
[GCC 3.3 20030304 (Apple Computer, Inc. build 1666)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> turbogears.identity.model.somodel import *
>>> hub.begin()
>>> u=User( userId="jeff", emailAddress="jeff@metrocat.org",
            displayName="Jeff Watkins", password="xxxxx" )
>>> g=Group( groupId="admin", displayName="Administrators" )
>>> hub.commit()
>>>

Step 9 Start project and visit secured page and login. Should fail with message:

Not member of group: admin

Step 10 Add user to admin group

tg-admin shell

Python 2.4.1 (#2, Mar 31 2005, 00:05:10) 
[GCC 3.3 20030304 (Apple Computer, Inc. build 1666)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> from turbogears.identity.model import *
>>> hub.begin()
>>> u=User.get(1)
>>> g=Group.get(1)
>>> u.addGroup(g)
>>> hub.commit()
>>>

Step 11 Revisit secured page and login. Should succeed.


Other Considerations

Question: how do I retrieve the userId in my application code? Answer: Actually you can access the entire User object by accessing turbogears.identity.current.user. This gives you access to the userId, displayName, emailAddress, and creation date.

Question: So, if I wanted to access the users’ group info, how would I do that? Answer:

...there are two ways you can access the group information.

   1. Via the current identity object:

from turbogears import identity
if 'admin' in identity.current.groups:
    pass

   2. Via the user object on the current identity:

from turbogears import identity
if 'admin' in [g.groupId for g in identity.current.user.groups]:
    pass

Option number 2 only works if your using a Model that supports groups on the user object. So, with the default model you’ll be set. Other models might not work so well.

Attachments