From 1025eb090fb902568f546527856c22e3356bd526 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 23 Jun 2010 14:55:33 +0000 Subject: - The authorization chapter of the SQLAlchemy Wiki Tutorial (docs/tutorials/bfgwiki2) was changed to demonstrate authorization via a group rather than via a direct username. --- docs/tutorials/bfgwiki/authorization.rst | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'docs/tutorials/bfgwiki') diff --git a/docs/tutorials/bfgwiki/authorization.rst b/docs/tutorials/bfgwiki/authorization.rst index 8ae3c079d..91224c23e 100644 --- a/docs/tutorials/bfgwiki/authorization.rst +++ b/docs/tutorials/bfgwiki/authorization.rst @@ -206,28 +206,28 @@ pass a ``permission`` argument to each of our - We add ``permission='edit'`` to the decorator attached to the ``add_page`` view function. This makes the assertion that only - users who possess the effective ``view`` permission at the time of + users who possess the effective ``edit`` permission at the time of the request may invoke this view. We've granted the - ``group:editors`` principal the view permission at the root model - via its ACL, so only the a user whom is a member of the group named - ``group:editors`` will able to invoke the ``add_page`` view. We've - likewise given the ``editor`` user membership to this group via thes - ``security.py`` file by mapping him to the ``group:editors`` group - in the ``GROUPS`` data structure (``GROUPS = + ``group:editors`` principal the ``edit`` permission at the root + model via its ACL, so only the a user whom is a member of the group + named ``group:editors`` will able to invoke the ``add_page`` view. + We've likewise given the ``editor`` user membership to this group + via thes ``security.py`` file by mapping him to the + ``group:editors`` group in the ``GROUPS`` data structure (``GROUPS = {'editor':['group:editors']}``); the ``groupfinder`` function consults the ``GROUPS`` data structure. This means that the ``editor`` user can add pages. - We add ``permission='edit'`` to the ``bfg_view`` decorator attached to the ``edit_page`` view function. This makes the assertion that - only users who possess the effective ``view`` permission at the time + only users who possess the effective ``edit`` permission at the time of the request may invoke this view. We've granted the - ``group:editors`` principal the view permission at the root model - via its ACL, so only the a user whom is a member of the group named - ``group:editors`` will able to invoke the ``edit_page`` view. We've - likewise given the ``editor`` user membership to this group via thes - ``security.py`` file by mapping him to the ``group:editors`` group - in the ``GROUPS`` data structure (``GROUPS = + ``group:editors`` principal the ``edit`` permission at the root + model via its ACL, so only the a user whom is a member of the group + named ``group:editors`` will able to invoke the ``edit_page`` view. + We've likewise given the ``editor`` user membership to this group + via thes ``security.py`` file by mapping him to the + ``group:editors`` group in the ``GROUPS`` data structure (``GROUPS = {'editor':['group:editors']}``); the ``groupfinder`` function consults the ``GROUPS`` data structure. This means that the ``editor`` user can edit pages. -- cgit v1.2.3