Pyramid 和 FormAlchemy 管理界面

发布于 2024-11-02 03:48:11 字数 660 浏览 3 评论 0原文

我有一个使用正规化学管理界面的金字塔项目。我添加了基本的 ACL 身份验证,即使我已通过身份验证,pyramid_formalchemy 插件也始终会拒绝。

关于如何只允许经过身份验证的用户使用 Pyramid_formalchemy 管理界面有什么想法吗?

授权策略添加如下:

authn_policy = AuthTktAuthenticationPolicy('MYhiddenSECRET', callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()

config = Configurator(
   settings=settings,
   root_factory='package.auth.RootFactory',
   authentication_policy=authn_policy,
   authorization_policy=authz_policy
)

# pyramid_formalchemy's configuration
config.include('pyramid_formalchemy')
config.include('fa.jquery')
config.formalchemy_admin('admin', package='package', view='fa.jquery.pyramid.ModelView')

I have a pyramid project using the formalchemy admin interface. I added the basic ACL authentication and the pyramid_formalchemy plugin always denys even though I am authenticated.

Any thoughts on how only allow authenticated users to use the pyramid_formalchemy admin interface?

The authorization policy was add like this:

authn_policy = AuthTktAuthenticationPolicy('MYhiddenSECRET', callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()

config = Configurator(
   settings=settings,
   root_factory='package.auth.RootFactory',
   authentication_policy=authn_policy,
   authorization_policy=authz_policy
)

# pyramid_formalchemy's configuration
config.include('pyramid_formalchemy')
config.include('fa.jquery')
config.formalchemy_admin('admin', package='package', view='fa.jquery.pyramid.ModelView')

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

得不到的就毁灭 2024-11-09 03:48:11

pyramid_formalchemy 使用权限“查看”、“编辑”、“删除”、“新建” 来确定谁可以做什么。 __acl__ 从 SQLAlchemy 模型对象向下传播。因此,您需要在每个模型对象上放置一个 __acl__ ,以允许您所需的组访问这些权限。例如,来自 pyramid_formalchemy pyramidapp 示例项目:

class Bar(Base):
    __tablename__ = 'bar'
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, 'bar_manager', ('view', 'new', 'edit', 'delete')),
        ]
    id = Column(Integer, primary_key=True)
    foo = Column(Unicode(255))

当然,如果您不提供 __acl__ 那么它将在资源树,直到到达工厂。默认情况下,pyramid_formalchemy 定义了自己的工厂 pyramid_formalchemy.resources.Models,但是您可以对其进行子类化并为其提供 __acl__ 作为全局变量对于您的所有型号:

from pyramid_formalchemy.resources import Models

class ModelsWithACL(Models):
    """A factory to override the default security setting"""
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, Authenticated, 'view'),
            (Allow, 'editor', 'edit'),
            (Allow, 'manager', ('new', 'edit', 'delete')),
        ]

config.formalchemy_admin('admin', package='package', view=..., factory=ModelsWithACL)

pyramid_formalchemy uses the permissions 'view', 'edit', 'delete', 'new' to determine who can do what. The __acl__ is propagated down from your SQLAlchemy model object. Thus, you need to put an __acl__ on each of your model objects allowing your desired groups access to those permissions. For example, from the pyramid_formalchemy pyramidapp example project:

class Bar(Base):
    __tablename__ = 'bar'
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, 'bar_manager', ('view', 'new', 'edit', 'delete')),
        ]
    id = Column(Integer, primary_key=True)
    foo = Column(Unicode(255))

Of course, if you do not supply an __acl__ then it will look in the lineage of the resource tree until it hits the factory. By default, pyramid_formalchemy defines its own factory pyramid_formalchemy.resources.Models, however you can subclass this and provide an __acl__ to it, as a global for all of your models:

from pyramid_formalchemy.resources import Models

class ModelsWithACL(Models):
    """A factory to override the default security setting"""
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, Authenticated, 'view'),
            (Allow, 'editor', 'edit'),
            (Allow, 'manager', ('new', 'edit', 'delete')),
        ]

config.formalchemy_admin('admin', package='package', view=..., factory=ModelsWithACL)
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文