Pyramid 和 FormAlchemy 管理界面

发布于 2024-11-02 03:48:11 字数 660 浏览 0 评论 0原文

我有一个使用正规化学管理界面的金字塔项目。我添加了基本的 ACL 身份验证，即使我已通过身份验证，pyramid_formalchemy 插件也始终会拒绝。

关于如何只允许经过身份验证的用户使用 Pyramid_formalchemy 管理界面有什么想法吗？

授权策略添加如下：

authn_policy = AuthTktAuthenticationPolicy('MYhiddenSECRET', callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()

config = Configurator(
   settings=settings,
   root_factory='package.auth.RootFactory',
   authentication_policy=authn_policy,
   authorization_policy=authz_policy
)

# pyramid_formalchemy's configuration
config.include('pyramid_formalchemy')
config.include('fa.jquery')
config.formalchemy_admin('admin', package='package', view='fa.jquery.pyramid.ModelView')

原文

I have a pyramid project using the formalchemy admin interface. I added the basic ACL authentication and the pyramid_formalchemy plugin always denys even though I am authenticated.

Any thoughts on how only allow authenticated users to use the pyramid_formalchemy admin interface?

The authorization policy was add like this:

authn_policy = AuthTktAuthenticationPolicy('MYhiddenSECRET', callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()

config = Configurator(
   settings=settings,
   root_factory='package.auth.RootFactory',
   authentication_policy=authn_policy,
   authorization_policy=authz_policy
)

# pyramid_formalchemy's configuration
config.include('pyramid_formalchemy')
config.include('fa.jquery')
config.formalchemy_admin('admin', package='package', view='fa.jquery.pyramid.ModelView')

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

得不到的就毁灭 2024-11-09 03:48:11

pyramid_formalchemy 使用权限“查看”、“编辑”、“删除”、“新建” 来确定谁可以做什么。 __acl__ 从 SQLAlchemy 模型对象向下传播。因此，您需要在每个模型对象上放置一个 __acl__ ，以允许您所需的组访问这些权限。例如，来自 pyramid_formalchemy pyramidapp 示例项目：

class Bar(Base):
    __tablename__ = 'bar'
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, 'bar_manager', ('view', 'new', 'edit', 'delete')),
        ]
    id = Column(Integer, primary_key=True)
    foo = Column(Unicode(255))

当然，如果您不提供 __acl__ 那么它将在资源树，直到到达工厂。默认情况下，pyramid_formalchemy 定义了自己的工厂 pyramid_formalchemy.resources.Models，但是您可以对其进行子类化并为其提供 __acl__ 作为全局变量对于您的所有型号：

from pyramid_formalchemy.resources import Models

class ModelsWithACL(Models):
    """A factory to override the default security setting"""
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, Authenticated, 'view'),
            (Allow, 'editor', 'edit'),
            (Allow, 'manager', ('new', 'edit', 'delete')),
        ]

config.formalchemy_admin('admin', package='package', view=..., factory=ModelsWithACL)

pyramid_formalchemy uses the permissions 'view', 'edit', 'delete', 'new' to determine who can do what. The __acl__ is propagated down from your SQLAlchemy model object. Thus, you need to put an __acl__ on each of your model objects allowing your desired groups access to those permissions. For example, from the pyramid_formalchemy pyramidapp example project:

class Bar(Base):
    __tablename__ = 'bar'
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, 'bar_manager', ('view', 'new', 'edit', 'delete')),
        ]
    id = Column(Integer, primary_key=True)
    foo = Column(Unicode(255))

Of course, if you do not supply an __acl__ then it will look in the lineage of the resource tree until it hits the factory. By default, pyramid_formalchemy defines its own factory pyramid_formalchemy.resources.Models, however you can subclass this and provide an __acl__ to it, as a global for all of your models:

from pyramid_formalchemy.resources import Models

class ModelsWithACL(Models):
    """A factory to override the default security setting"""
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, Authenticated, 'view'),
            (Allow, 'editor', 'edit'),
            (Allow, 'manager', ('new', 'edit', 'delete')),
        ]

config.formalchemy_admin('admin', package='package', view=..., factory=ModelsWithACL)

回复收藏 0 原文

~没有更多了~