Con*_*ode 5 python acl authorization formalchemy pyramid
我有一个使用formalchemy管理界面的金字塔项目.我添加了基本的ACL身份验证,即使我通过了身份验证,pyramid_formalchemy插件总是会拒绝.
有关如何仅允许经过身份验证的用户使用pyramid_formalchemy管理界面的任何想法?
授权策略添加如下:
authn_policy = AuthTktAuthenticationPolicy('MYhiddenSECRET', callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()
config = Configurator(
settings=settings,
root_factory='package.auth.RootFactory',
authentication_policy=authn_policy,
authorization_policy=authz_policy
)
# pyramid_formalchemy's configuration
config.include('pyramid_formalchemy')
config.include('fa.jquery')
config.formalchemy_admin('admin', package='package', view='fa.jquery.pyramid.ModelView')
Mic*_*kel 11
pyramid_formalchemy使用权限'view', 'edit', 'delete', 'new'来确定谁可以做什么.它__acl__从您的SQLAlchemy模型对象向下传播.因此,您需要__acl__在每个模型对象上放置一个允许所需组访问这些权限的对象.例如,从pyramid_formalchemy pyramidapp示例项目:
class Bar(Base):
__tablename__ = 'bar'
__acl__ = [
(Allow, 'admin', ALL_PERMISSIONS),
(Allow, 'bar_manager', ('view', 'new', 'edit', 'delete')),
]
id = Column(Integer, primary_key=True)
foo = Column(Unicode(255))
当然,如果你没有提供,__acl__那么它会查看资源树的谱系,直到它到达factory.默认情况下,pyramid_formalchemy定义自己的工厂pyramid_formalchemy.resources.Models,但是您可以将其子类化并提供__acl__给它,作为所有模型的全局:
from pyramid_formalchemy.resources import Models
class ModelsWithACL(Models):
"""A factory to override the default security setting"""
__acl__ = [
(Allow, 'admin', ALL_PERMISSIONS),
(Allow, Authenticated, 'view'),
(Allow, 'editor', 'edit'),
(Allow, 'manager', ('new', 'edit', 'delete')),
]
config.formalchemy_admin('admin', package='package', view=..., factory=ModelsWithACL)
| 归档时间: |
|
| 查看次数: |
2418 次 |
| 最近记录: |