diff options
| author | Chris McDonough <chrism@agendaless.com> | 2009-07-06 23:44:51 +0000 |
|---|---|---|
| committer | Chris McDonough <chrism@agendaless.com> | 2009-07-06 23:44:51 +0000 |
| commit | 8c51fc9077bac0bd5b7a199b08fd3506a0cffcf6 (patch) | |
| tree | d10fb8fdabf4298d5960358d0f54121e27d283d9 /docs/tutorials/bfgwiki2/authorization.rst | |
| parent | a4d4f6b46f5462bf41806957df5e76c07730c7b5 (diff) | |
| download | pyramid-8c51fc9077bac0bd5b7a199b08fd3506a0cffcf6.tar.gz pyramid-8c51fc9077bac0bd5b7a199b08fd3506a0cffcf6.tar.bz2 pyramid-8c51fc9077bac0bd5b7a199b08fd3506a0cffcf6.zip | |
- Minor edits to tutorials for accuracy based on feedback.
- Back to dev.
Diffstat (limited to 'docs/tutorials/bfgwiki2/authorization.rst')
| -rw-r--r-- | docs/tutorials/bfgwiki2/authorization.rst | 49 |
1 files changed, 18 insertions, 31 deletions
diff --git a/docs/tutorials/bfgwiki2/authorization.rst b/docs/tutorials/bfgwiki2/authorization.rst index 7e86bd126..d4ec03eb2 100644 --- a/docs/tutorials/bfgwiki2/authorization.rst +++ b/docs/tutorials/bfgwiki2/authorization.rst @@ -18,7 +18,7 @@ Adding A Root Factory We're going to start to use a custom :term:`root factory` within our ``run.py`` file. The objects generated by the root factory will be -used as the :term:`context` of each of request to our application. In +used as the :term:`context` of each request to our application. In order for :mod:`repoze.bfg` declarative security to work properly, the context object generated during a request must be decorated with security declarations; when we begin to use a custom root factory to @@ -63,14 +63,14 @@ Configuring a ``repoze.bfg`` Authentication Policy For any :mod:`repoze.bfg` application to perform authorization, we need to add a ``security.py`` module and we'll need to change our :term:`application registry` to add an :term:`authentication policy` -and a :term:`authorization policy`. +and an :term:`authorization policy`. Changing ``run.py`` ~~~~~~~~~~~~~~~~~~~ -We'll use the opportunity to pass the ``RootFactory`` we created in -the step above in as the first argument to ``make_app``. When we're -done, your application's ``run.py`` will look like this. +We'll pass the ``RootFactory`` we created in the step above in as the +first argument to ``make_app``. When we're done, your application's +``run.py`` will look like this. .. literalinclude:: src/authorization/tutorial/run.py :linenos: @@ -79,13 +79,20 @@ done, your application's ``run.py`` will look like this. Changing ``configure.zcml`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~ -We'' change our ``configure.zcml`` file to enable an +We'll change our ``configure.zcml`` file to enable an ``AuthTktAuthenticationPolicy`` and an ``ACLAuthorizationPolicy`` to enable declarative security checking. We'll also add a ``forbidden`` stanza. This configures our login view to show up when :mod:`repoze.bfg` detects that a view invocation can not be -authorized. When you're done, your ``configure.zcml`` will look like -so: +authorized. We'll also change ``configure.zcml`` to add a +``forbidden`` stanza which points at our login view. This configures +our newly created login view to show up when :mod:`repoze.bfg` detects +that a view invocation can not be authorized. Also, we'll add +``permission`` attributes with the value ``edit`` to the ``edit_page`` +and ``add_page`` routes. This indicates that the views which these +routes reference cannot be invoked without the authenticated user +possessing the ``edit`` permission with respect to the current +context. When you're done, your ``configure.zcml`` will look like so .. literalinclude:: src/authorization/tutorial/configure.zcml :linenos: @@ -97,7 +104,7 @@ Adding ``security.py`` Add a ``security.py`` module within your package (in the same directory as "run.py", "views.py", etc) with the following content: The groupfinder defined here is an authorization policy "callback"; it -is a be a callable that accepts a userid and a request. If the userid +is a a callable that accepts a userid and a request. If the userid exists in the system, the callback will return a sequence of group identifiers (or an empty sequence if the user isn't a member of any groups). If the userid *does not* exist in the system, the callback @@ -177,26 +184,6 @@ class="main_content">`` div: <span tal:condition="logged_in"><a href="${request.application_url}/logout">Logout</a></span> -Changing ``configure.zcml`` -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -We'll change our ``configure.zcml`` file to enable an -``AuthTktAuthenticationPolicy`` and an ``ACLAuthorizationPolicy`` to -enable declarative security checking. We'll also change -``configure.zcml`` to add a ``forbidden`` stanza which points at our -login view. This configures our newly created login view to show up -when :mod:`repoze.bfg` detects that a view invocation can not be -authorized. Also, add ``permission`` attributes with the value -``edit`` to the ``edit_page`` and ``add_page`` routes. This indicates -that the views which these routes reference cannot be invoked without -the authenticated user possessing the ``edit`` permission with respect -to the current context. When you're done, your ``configure.zcml`` -will look like so: - -.. literalinclude:: src/authorization/tutorial/configure.zcml - :linenos: - :language: xml - Viewing the Application in a Browser ------------------------------------ @@ -208,8 +195,8 @@ our application in a browser. The views we'll try are as follows: the ``view_page`` view of the FrontPage page object. It is executable by any user. -- Visiting `http://localhost:6543/FrontPage/ - <http://localhost:6543/FrontPage/>`_ in a browser invokes the +- Visiting `http://localhost:6543/FrontPage + <http://localhost:6543/FrontPage>`_ in a browser invokes the ``view_page`` view of the FrontPage page object. - Visiting `http://localhost:6543/FrontPage/edit_page |