From aff22be3468d594de35b2208bed1299aa9ba5074 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@agendaless.com>
Date: Mon, 1 Jun 2009 07:02:03 +0000
Subject: Add authorization chapter to bfgwiki2 tutorial.

---
 docs/tutorials/bfgwiki/authorization.rst           |   2 +-
 .../src/authorization/tutorial/configure.zcml      |   2 +-
 docs/tutorials/bfgwiki2/authorization.rst          | 234 ++++++++++++-
 .../bfgwiki2/src/authorization/CHANGES.txt         |   3 +
 .../bfgwiki2/src/authorization/README.txt          |   4 +
 .../bfgwiki2/src/authorization/ez_setup.py         | 276 +++++++++++++++
 .../tutorials/bfgwiki2/src/authorization/setup.cfg |   6 +
 docs/tutorials/bfgwiki2/src/authorization/setup.py |  52 +++
 .../bfgwiki2/src/authorization/tutorial.ini        |  20 ++
 .../src/authorization/tutorial/__init__.py         |   2 +
 .../src/authorization/tutorial/configure.zcml      |  58 ++++
 .../bfgwiki2/src/authorization/tutorial/login.py   |  44 +++
 .../bfgwiki2/src/authorization/tutorial/models.py  |  43 +++
 .../bfgwiki2/src/authorization/tutorial/run.py     |  40 +++
 .../src/authorization/tutorial/templates/edit.pt   |  31 ++
 .../src/authorization/tutorial/templates/login.pt  |  32 ++
 .../authorization/tutorial/templates/mytemplate.pt |  99 ++++++
 .../tutorial/templates/mytemplate.pt.py            | 110 ++++++
 .../tutorial/templates/static/default.css          | 380 +++++++++++++++++++++
 .../tutorial/templates/static/images/img01.gif     | Bin 0 -> 3840 bytes
 .../tutorial/templates/static/images/img02.gif     | Bin 0 -> 4689 bytes
 .../tutorial/templates/static/images/img03.gif     | Bin 0 -> 229 bytes
 .../tutorial/templates/static/images/img04.gif     | Bin 0 -> 92 bytes
 .../tutorial/templates/static/images/spacer.gif    | Bin 0 -> 43 bytes
 .../tutorial/templates/static/style.css            | 109 ++++++
 .../tutorial/templates/static/templatelicense.txt  | 243 +++++++++++++
 .../src/authorization/tutorial/templates/view.pt   |  28 ++
 .../bfgwiki2/src/authorization/tutorial/tests.py   |  28 ++
 .../src/authorization/tutorial/utilities.py        |  10 +
 .../bfgwiki2/src/authorization/tutorial/views.py   |  83 +++++
 30 files changed, 1936 insertions(+), 3 deletions(-)
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/CHANGES.txt
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/README.txt
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/ez_setup.py
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/setup.cfg
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/setup.py
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial.ini
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/__init__.py
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/configure.zcml
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/login.py
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/models.py
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/run.py
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/edit.pt
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/login.pt
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/mytemplate.pt
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/mytemplate.pt.py
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/default.css
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img01.gif
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img02.gif
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img03.gif
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img04.gif
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/spacer.gif
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/style.css
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/templatelicense.txt
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/view.pt
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/tests.py
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/utilities.py
 create mode 100644 docs/tutorials/bfgwiki2/src/authorization/tutorial/views.py

(limited to 'docs/tutorials')

diff --git a/docs/tutorials/bfgwiki/authorization.rst b/docs/tutorials/bfgwiki/authorization.rst
index 437cb9c74..ea2366a72 100644
--- a/docs/tutorials/bfgwiki/authorization.rst
+++ b/docs/tutorials/bfgwiki/authorization.rst
@@ -71,7 +71,7 @@ into its template.  We'll add something like this to each view body:
 .. code-block:: python
    :linenos:
 
-   logged_in = authenticated_user(request)
+   logged_in = authenticated_userid(request)
 
 We'll then change the return value of ``render_template_to_response``
 to pass the `resulting `logged_in`` value to the template, e.g.:
diff --git a/docs/tutorials/bfgwiki/src/authorization/tutorial/configure.zcml b/docs/tutorials/bfgwiki/src/authorization/tutorial/configure.zcml
index df11c18b1..c8c0aa77e 100644
--- a/docs/tutorials/bfgwiki/src/authorization/tutorial/configure.zcml
+++ b/docs/tutorials/bfgwiki/src/authorization/tutorial/configure.zcml
@@ -5,7 +5,7 @@
 
   <scan package="."/>
 
-   <utility provides="repoze.bfg.interfaces.IForbiddenResponseFactory"
+   <utility provides="repoze.bfg.interfaces.IForbiddenView"
             component=".login.login"/>
 
 </configure>
diff --git a/docs/tutorials/bfgwiki2/authorization.rst b/docs/tutorials/bfgwiki2/authorization.rst
index 4a51acc93..c8ead9995 100644
--- a/docs/tutorials/bfgwiki2/authorization.rst
+++ b/docs/tutorials/bfgwiki2/authorization.rst
@@ -11,5 +11,237 @@ allowing anyone with access to the server to view pages.
 *authentication*.  We'll make use of both features to provide security
 to our application.
 
-XXX not finished
+Adding A Context Factory
+------------------------
+
+We're going to start to use a custom *context factory* within our
+``configure.zcml`` file in order to be able to attach security
+declarations to our :term:`context` object.  When we do this, we can
+begin to make use of the declarative security features of
+:mod:`repoze.bfg`.
+
+Let's modify our ``configure.zcml``, following the instructions in the
+BFG documentation section named
+:ref:`changing_routes_context_factory`.  We'll point it at a function
+in a new module we create named ``utilities.py``.
+
+Add the following section to your application's
+``configure.zcml``file:
+
+.. code-block:: xml
+   :linenos:
+
+   <utility provides="repoze.bfg.interfaces.IRoutesContextFactory"
+            component=".utilities.RoutesContextFactory"/>
+
+As a result, our ``configure.zcml`` file will now look like so:
+
+.. literalinclude:: src/authorization/tutorial/configure.zcml
+   :linenos:
+   :language: xml
+
+Once ``configure.zcml`` has been modified, create a file named
+``utilities.py`` and give it the following contents:
+
+.. literalinclude:: src/authorization/tutorial/utilities.py
+   :linenos:
+   :language: python
+
+The result of our changing of the default routes context factory in
+``configure.zcml`` and our addition of a new ``RoutesContextFactory``
+class to ``utilities.py`` allows us to use declarative security
+features of :mod:`repoze.bfg`.  The ``RoutesContextFactory`` class we
+added will be used to construct each of the ``context`` objects passed
+to our views.  All of our ``context`` objects will possess an
+``__acl__`` attribute that allows "Everyone" (a special principal) to
+view all request, while allowing only a user named ``editor`` to edit
+and add pages.  The ``__acl__`` attribute attached to a context is
+interpreted specially by :mod:`repoze.bfg` as an access control list
+during view execution.  See :ref:`assigning_acls` for more information
+about what an :term:`ACL` represents.
+
+.. note: Although we don't use the functionality here, the ``factory``
+   used to create route contexts may differ per-route instead of
+   globally via a ZCML directive.  See the ``factory`` attribute in
+   :ref:`route_zcml_directive` for more info.
+
+Configuring a ``repoze.bfg`` Authentication Policy
+--------------------------------------------------
+
+For any :mod:`repoze.bfg` application to perform authorization, we
+need to change our ``run.py`` module to add an :term:`authentication
+policy`.  Adding an authentication policy actually causes the system
+to begin to use :term:`authorization`.
+
+Changing ``run.py``
+~~~~~~~~~~~~~~~~~~~
+
+Change your ``run.py`` module to import the
+``AuthTktAuthenticationPolicy`` from ``repoze.bfg.authentication``.
+Within the body of the ``make_app`` function, construct an instance of
+the policy, and pass it as the ``authentication_policy`` argument to
+the ``make_app`` function.  The first positional argument of an
+``AuthTktAuthenticationPolicy`` is a secret used to encrypt cookie
+data.  Its second argument ("callback") should be a callable that
+accepts a userid.  If the userid exists in the system, the callback
+should return a sequence of group identifiers (or an empty sequence if
+the user isn't a member of any groups).  If the userid *does not*
+exist in the system, the callback should return ``None``.  We'll use
+"dummy" data to represent user and groups sources.  When we're done,
+your application's ``run.py`` will look like this.
+
+.. literalinclude:: src/authorization/tutorial/run.py
+   :linenos:
+   :language: python
+
+BFG's ``make_app`` callable also can accept an authorization policy
+parameter.  We don't need to specify one, we'll use the default.
+
+Adding Login and Logout Views
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+We'll add a ``login`` view which renders a login form and processes
+the post from the login form, checking credentials.
+
+We'll also add a ``logout`` view to our application and provide a link
+to it.  This view will clear the credentials of the logged in user and
+redirect back to the front page.
+
+We'll add a different file (for presentation convenience) to add login
+and logout views.  Add a file named ``login.py`` to your application
+(in the same directory as ``views.py``) with the following content:
+
+.. literalinclude:: src/authorization/tutorial/login.py
+   :linenos:
+   :language: python
+
+Changing Existing Views
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Then we need to change each opf our ``view_page``, ``edit_page`` and
+``add_page`` views in ``views.py`` to pass a "logged in" parameter
+into its template.  We'll add something like this to each view body:
+
+.. code-block:: python
+   :linenos:
+
+   logged_in = authenticated_userid(request)
+
+We'll then change the return value of ``render_template_to_response``
+to pass the `resulting `logged_in`` value to the template, e.g.:
+
+.. code-block:: python
+   :linenos:
+
+   return render_template_to_response('templates/view.pt',
+                                      request = request,
+                                      page = context,
+                                      content = content,
+                                      logged_in = logged_in,
+                                      edit_url = edit_url)
+
+Adding the ``login.pt`` Template
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Add a ``login.pt`` template to your templates directory.  It's
+referred to within the login view we just added to ``login.py``.
+
+.. literalinclude:: src/authorization/tutorial/templates/login.pt
+   :linenos:
+   :language: xml
+
+Change ``view.pt`` and ``edit.pt``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+We'll also need to change our ``edit.pt`` and ``view.pt`` templates to
+display a "Logout" link if someone is logged in.  This link will
+invoke the logout view.
+
+To do so we'll add this to both templates within the ``<div
+class="main_content">`` div:
+
+.. code-block:: xml
+   :linenos:
+
+   <span tal:condition="logged_in"><a href="${request.application_url}/logout">Logout</a></span>
+
+Changing ``configure.zcml``
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Change your application's ``configure.zcml`` to add a slightly
+inscrutable ``utility`` stanza which "provides" ``IForbiddenView``.
+This configures our login view to show up when BFG detects that a view
+invocation can not be authorized.  Also, add ``permission`` attributes
+with the value ``edit`` to the ``edit_page`` and ``add_page`` routes.
+This indicates that the views which these routes reference cannot be
+invoked without the authenticated user possessing the ``edit``
+permission.  When you're done, your ``configure.zcml`` will look like
+so:
+
+.. literalinclude:: src/authorization/tutorial/configure.zcml
+   :linenos:
+   :language: xml
+
+Viewing the Application in a Browser
+------------------------------------
+
+Once we've set up the WSGI pipeline properly, we can finally examine
+our application in a browser.  The views we'll try are as follows:
+
+- Visiting `http://localhost:6543/ <http://localhost:6543/>`_ in a
+  browser invokes the ``view_wiki`` view.  This always redirects to
+  the ``view_page`` view of the FrontPage page object.  It is
+  executable by any user.
+
+- Visiting `http://localhost:6543/FrontPage/
+  <http://localhost:6543/FrontPage/>`_ in a browser invokes the
+  ``view_page`` view of the front page page object.
+
+- Visiting `http://localhost:6543/FrontPage/edit_page
+  <http://localhost:6543/FrontPage/edit_page>`_ in a browser invokes
+  the edit view for the front page object.  It is executable by only
+  the ``editor`` user.  If a different user (or the anonymous user)
+  invokes it, a login form will be displayed.  Supplying the
+  credentials with the username ``editor``, password ``editor`` will
+  show the edit page form being displayed.
+
+- Visiting `http://localhost:6543/add_page/SomePageName
+  <http://localhost:6543/add_page/SomePageName>`_ in a browser invokes
+  the add view for a page.  It is executable by only the ``editor``
+  user.  If a different user (or the anonymous user) invokes it, a
+  login form will be displayed.  Supplying the credentials with the
+  username ``editor``, password ``editor`` will show the edit page
+  form being displayed.
+
+Seeing Our Changes To ``views.py`` and our Templates
+----------------------------------------------------
+
+Our ``views.py`` module will look something like this when we're done:
+
+.. literalinclude:: src/authorization/tutorial/views.py
+   :linenos:
+   :language: python
+
+Our ``edit.pt`` template will look something like this when we're done:
+
+.. literalinclude:: src/authorization/tutorial/templates/edit.pt
+   :linenos:
+   :language: xml
+
+Our ``view.pt`` template will look something like this when we're done:
+
+.. literalinclude:: src/authorization/tutorial/templates/view.pt
+   :linenos:
+   :language: xml
+
+Revisiting the Application
+---------------------------
+
+When we revisit the application in a browser, and log in (as a result
+of hitting an edit or add page and submitting the login form with the
+``editor`` credentials), we'll see a Logout link in the upper right
+hand corner.  When we click it, we're logged out, and redirected back
+to the front page.
+
+
 
diff --git a/docs/tutorials/bfgwiki2/src/authorization/CHANGES.txt b/docs/tutorials/bfgwiki2/src/authorization/CHANGES.txt
new file mode 100644
index 000000000..1544cf53b
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/CHANGES.txt
@@ -0,0 +1,3 @@
+0.1
+
+  Initial version
diff --git a/docs/tutorials/bfgwiki2/src/authorization/README.txt b/docs/tutorials/bfgwiki2/src/authorization/README.txt
new file mode 100644
index 000000000..d41f7f90f
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/README.txt
@@ -0,0 +1,4 @@
+tutorial README
+
+
+
diff --git a/docs/tutorials/bfgwiki2/src/authorization/ez_setup.py b/docs/tutorials/bfgwiki2/src/authorization/ez_setup.py
new file mode 100644
index 000000000..d24e845e5
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/ez_setup.py
@@ -0,0 +1,276 @@
+#!python
+"""Bootstrap setuptools installation
+
+If you want to use setuptools in your package's setup.py, just include this
+file in the same directory with it, and add this to the top of your setup.py::
+
+    from ez_setup import use_setuptools
+    use_setuptools()
+
+If you want to require a specific version of setuptools, set a download
+mirror, or use an alternate download directory, you can do so by supplying
+the appropriate options to ``use_setuptools()``.
+
+This file can also be run as a script to install or upgrade setuptools.
+"""
+import sys
+DEFAULT_VERSION = "0.6c9"
+DEFAULT_URL     = "http://pypi.python.org/packages/%s/s/setuptools/" % sys.version[:3]
+
+md5_data = {
+    'setuptools-0.6b1-py2.3.egg': '8822caf901250d848b996b7f25c6e6ca',
+    'setuptools-0.6b1-py2.4.egg': 'b79a8a403e4502fbb85ee3f1941735cb',
+    'setuptools-0.6b2-py2.3.egg': '5657759d8a6d8fc44070a9d07272d99b',
+    'setuptools-0.6b2-py2.4.egg': '4996a8d169d2be661fa32a6e52e4f82a',
+    'setuptools-0.6b3-py2.3.egg': 'bb31c0fc7399a63579975cad9f5a0618',
+    'setuptools-0.6b3-py2.4.egg': '38a8c6b3d6ecd22247f179f7da669fac',
+    'setuptools-0.6b4-py2.3.egg': '62045a24ed4e1ebc77fe039aa4e6f7e5',
+    'setuptools-0.6b4-py2.4.egg': '4cb2a185d228dacffb2d17f103b3b1c4',
+    'setuptools-0.6c1-py2.3.egg': 'b3f2b5539d65cb7f74ad79127f1a908c',
+    'setuptools-0.6c1-py2.4.egg': 'b45adeda0667d2d2ffe14009364f2a4b',
+    'setuptools-0.6c2-py2.3.egg': 'f0064bf6aa2b7d0f3ba0b43f20817c27',
+    'setuptools-0.6c2-py2.4.egg': '616192eec35f47e8ea16cd6a122b7277',
+    'setuptools-0.6c3-py2.3.egg': 'f181fa125dfe85a259c9cd6f1d7b78fa',
+    'setuptools-0.6c3-py2.4.egg': 'e0ed74682c998bfb73bf803a50e7b71e',
+    'setuptools-0.6c3-py2.5.egg': 'abef16fdd61955514841c7c6bd98965e',
+    'setuptools-0.6c4-py2.3.egg': 'b0b9131acab32022bfac7f44c5d7971f',
+    'setuptools-0.6c4-py2.4.egg': '2a1f9656d4fbf3c97bf946c0a124e6e2',
+    'setuptools-0.6c4-py2.5.egg': '8f5a052e32cdb9c72bcf4b5526f28afc',
+    'setuptools-0.6c5-py2.3.egg': 'ee9fd80965da04f2f3e6b3576e9d8167',
+    'setuptools-0.6c5-py2.4.egg': 'afe2adf1c01701ee841761f5bcd8aa64',
+    'setuptools-0.6c5-py2.5.egg': 'a8d3f61494ccaa8714dfed37bccd3d5d',
+    'setuptools-0.6c6-py2.3.egg': '35686b78116a668847237b69d549ec20',
+    'setuptools-0.6c6-py2.4.egg': '3c56af57be3225019260a644430065ab',
+    'setuptools-0.6c6-py2.5.egg': 'b2f8a7520709a5b34f80946de5f02f53',
+    'setuptools-0.6c7-py2.3.egg': '209fdf9adc3a615e5115b725658e13e2',
+    'setuptools-0.6c7-py2.4.egg': '5a8f954807d46a0fb67cf1f26c55a82e',
+    'setuptools-0.6c7-py2.5.egg': '45d2ad28f9750e7434111fde831e8372',
+    'setuptools-0.6c8-py2.3.egg': '50759d29b349db8cfd807ba8303f1902',
+    'setuptools-0.6c8-py2.4.egg': 'cba38d74f7d483c06e9daa6070cce6de',
+    'setuptools-0.6c8-py2.5.egg': '1721747ee329dc150590a58b3e1ac95b',
+    'setuptools-0.6c9-py2.3.egg': 'a83c4020414807b496e4cfbe08507c03',
+    'setuptools-0.6c9-py2.4.egg': '260a2be2e5388d66bdaee06abec6342a',
+    'setuptools-0.6c9-py2.5.egg': 'fe67c3e5a17b12c0e7c541b7ea43a8e6',
+    'setuptools-0.6c9-py2.6.egg': 'ca37b1ff16fa2ede6e19383e7b59245a',
+}
+
+import sys, os
+try: from hashlib import md5
+except ImportError: from md5 import md5
+
+def _validate_md5(egg_name, data):
+    if egg_name in md5_data:
+        digest = md5(data).hexdigest()
+        if digest != md5_data[egg_name]:
+            print >>sys.stderr, (
+                "md5 validation of %s failed!  (Possible download problem?)"
+                % egg_name
+            )
+            sys.exit(2)
+    return data
+
+def use_setuptools(
+    version=DEFAULT_VERSION, download_base=DEFAULT_URL, to_dir=os.curdir,
+    download_delay=15
+):
+    """Automatically find/download setuptools and make it available on sys.path
+
+    `version` should be a valid setuptools version number that is available
+    as an egg for download under the `download_base` URL (which should end with
+    a '/').  `to_dir` is the directory where setuptools will be downloaded, if
+    it is not already available.  If `download_delay` is specified, it should
+    be the number of seconds that will be paused before initiating a download,
+    should one be required.  If an older version of setuptools is installed,
+    this routine will print a message to ``sys.stderr`` and raise SystemExit in
+    an attempt to abort the calling script.
+    """
+    was_imported = 'pkg_resources' in sys.modules or 'setuptools' in sys.modules
+    def do_download():
+        egg = download_setuptools(version, download_base, to_dir, download_delay)
+        sys.path.insert(0, egg)
+        import setuptools; setuptools.bootstrap_install_from = egg
+    try:
+        import pkg_resources
+    except ImportError:
+        return do_download()       
+    try:
+        pkg_resources.require("setuptools>="+version); return
+    except pkg_resources.VersionConflict, e:
+        if was_imported:
+            print >>sys.stderr, (
+            "The required version of setuptools (>=%s) is not available, and\n"
+            "can't be installed while this script is running. Please install\n"
+            " a more recent version first, using 'easy_install -U setuptools'."
+            "\n\n(Currently using %r)"
+            ) % (version, e.args[0])
+            sys.exit(2)
+        else:
+            del pkg_resources, sys.modules['pkg_resources']    # reload ok
+            return do_download()
+    except pkg_resources.DistributionNotFound:
+        return do_download()
+
+def download_setuptools(
+    version=DEFAULT_VERSION, download_base=DEFAULT_URL, to_dir=os.curdir,
+    delay = 15
+):
+    """Download setuptools from a specified location and return its filename
+
+    `version` should be a valid setuptools version number that is available
+    as an egg for download under the `download_base` URL (which should end
+    with a '/'). `to_dir` is the directory where the egg will be downloaded.
+    `delay` is the number of seconds to pause before an actual download attempt.
+    """
+    import urllib2, shutil
+    egg_name = "setuptools-%s-py%s.egg" % (version,sys.version[:3])
+    url = download_base + egg_name
+    saveto = os.path.join(to_dir, egg_name)
+    src = dst = None
+    if not os.path.exists(saveto):  # Avoid repeated downloads
+        try:
+            from distutils import log
+            if delay:
+                log.warn("""
+---------------------------------------------------------------------------
+This script requires setuptools version %s to run (even to display
+help).  I will attempt to download it for you (from
+%s), but
+you may need to enable firewall access for this script first.
+I will start the download in %d seconds.
+
+(Note: if this machine does not have network access, please obtain the file
+
+   %s
+
+and place it in this directory before rerunning this script.)
+---------------------------------------------------------------------------""",
+                    version, download_base, delay, url
+                ); from time import sleep; sleep(delay)
+            log.warn("Downloading %s", url)
+            src = urllib2.urlopen(url)
+            # Read/write all in one block, so we don't create a corrupt file
+            # if the download is interrupted.
+            data = _validate_md5(egg_name, src.read())
+            dst = open(saveto,"wb"); dst.write(data)
+        finally:
+            if src: src.close()
+            if dst: dst.close()
+    return os.path.realpath(saveto)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+def main(argv, version=DEFAULT_VERSION):
+    """Install or upgrade setuptools and EasyInstall"""
+    try:
+        import setuptools
+    except ImportError:
+        egg = None
+        try:
+            egg = download_setuptools(version, delay=0)
+            sys.path.insert(0,egg)
+            from setuptools.command.easy_install import main
+            return main(list(argv)+[egg])   # we're done here
+        finally:
+            if egg and os.path.exists(egg):
+                os.unlink(egg)
+    else:
+        if setuptools.__version__ == '0.0.1':
+            print >>sys.stderr, (
+            "You have an obsolete version of setuptools installed.  Please\n"
+            "remove it from your system entirely before rerunning this script."
+            )
+            sys.exit(2)
+
+    req = "setuptools>="+version
+    import pkg_resources
+    try:
+        pkg_resources.require(req)
+    except pkg_resources.VersionConflict:
+        try:
+            from setuptools.command.easy_install import main
+        except ImportError:
+            from easy_install import main
+        main(list(argv)+[download_setuptools(delay=0)])
+        sys.exit(0) # try to force an exit
+    else:
+        if argv:
+            from setuptools.command.easy_install import main
+            main(argv)
+        else:
+            print "Setuptools version",version,"or greater has been installed."
+            print '(Run "ez_setup.py -U setuptools" to reinstall or upgrade.)'
+
+def update_md5(filenames):
+    """Update our built-in md5 registry"""
+
+    import re
+
+    for name in filenames:
+        base = os.path.basename(name)
+        f = open(name,'rb')
+        md5_data[base] = md5(f.read()).hexdigest()
+        f.close()
+
+    data = ["    %r: %r,\n" % it for it in md5_data.items()]
+    data.sort()
+    repl = "".join(data)
+
+    import inspect
+    srcfile = inspect.getsourcefile(sys.modules[__name__])
+    f = open(srcfile, 'rb'); src = f.read(); f.close()
+
+    match = re.search("\nmd5_data = {\n([^}]+)}", src)
+    if not match:
+        print >>sys.stderr, "Internal error!"
+        sys.exit(2)
+
+    src = src[:match.start(1)] + repl + src[match.end(1):]
+    f = open(srcfile,'w')
+    f.write(src)
+    f.close()
+
+
+if __name__=='__main__':
+    if len(sys.argv)>2 and sys.argv[1]=='--md5update':
+        update_md5(sys.argv[2:])
+    else:
+        main(sys.argv[1:])
+
+
+
+
+
+
diff --git a/docs/tutorials/bfgwiki2/src/authorization/setup.cfg b/docs/tutorials/bfgwiki2/src/authorization/setup.cfg
new file mode 100644
index 000000000..807ea6b0e
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/setup.cfg
@@ -0,0 +1,6 @@
+[nosetests]
+match=^test
+nocapture=1
+cover-package=tutorial
+with-coverage=1
+cover-erase=1
diff --git a/docs/tutorials/bfgwiki2/src/authorization/setup.py b/docs/tutorials/bfgwiki2/src/authorization/setup.py
new file mode 100644
index 000000000..86be6c960
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/setup.py
@@ -0,0 +1,52 @@
+import os
+import sys
+
+from ez_setup import use_setuptools
+use_setuptools()
+
+from setuptools import setup, find_packages
+
+here = os.path.abspath(os.path.dirname(__file__))
+README = open(os.path.join(here, 'README.txt')).read()
+CHANGES = open(os.path.join(here, 'CHANGES.txt')).read()
+
+requires = [
+    'repoze.bfg',
+    'SQLAlchemy',
+    'transaction',
+    'repoze.tm2',
+    'zope.sqlalchemy',
+    'docutils'
+    ]
+
+if sys.version_info[:3] < (2,5,0):
+    requires.append('pysqlite')
+
+setup(name='tutorial',
+      version='0.1',
+      description='tutorial',
+      long_description=README + '\n\n' +  CHANGES,
+      classifiers=[
+        "Development Status :: 3 - Alpha",
+        "Intended Audience :: Developers",
+        "Programming Language :: Python",
+        "Topic :: Internet :: WWW/HTTP",
+        "Topic :: Internet :: WWW/HTTP :: Dynamic Content",
+        "Topic :: Internet :: WWW/HTTP :: WSGI",
+        "Topic :: Internet :: WWW/HTTP :: WSGI :: Application",
+        ],
+      author='',
+      author_email='',
+      url='',
+      keywords='web wsgi bfg zope',
+      packages=find_packages(),
+      include_package_data=True,
+      zip_safe=False,
+      test_suite='tutorial',
+      install_requires = requires,
+      entry_points = """\
+      [paste.app_factory]
+      app = tutorial.run:app
+      """
+      )
+
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial.ini b/docs/tutorials/bfgwiki2/src/authorization/tutorial.ini
new file mode 100644
index 000000000..d89616316
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial.ini
@@ -0,0 +1,20 @@
+[DEFAULT]
+debug = true
+
+[app:sql]
+use = egg:tutorial#app
+reload_templates = true
+debug_authorization = false
+debug_notfound = false
+db_string = sqlite:///%(here)s/tutorial.db
+
+[pipeline:main]
+pipeline =
+    egg:Paste#evalerror
+    egg:repoze.tm2#tm
+    sql
+
+[server:main]
+use = egg:Paste#http
+host = 0.0.0.0
+port = 6543
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/__init__.py b/docs/tutorials/bfgwiki2/src/authorization/tutorial/__init__.py
new file mode 100644
index 000000000..cbdfd3ac6
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/__init__.py
@@ -0,0 +1,2 @@
+# A package
+
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/configure.zcml b/docs/tutorials/bfgwiki2/src/authorization/tutorial/configure.zcml
new file mode 100644
index 000000000..8fd6140ab
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/configure.zcml
@@ -0,0 +1,58 @@
+<configure xmlns="http://namespaces.repoze.org/bfg">
+
+  <!-- this must be included for the view declarations to work -->
+  <include package="repoze.bfg.includes" />
+
+  <subscriber for="repoze.bfg.interfaces.INewRequest"
+    handler=".run.handle_teardown"/>
+
+  <route
+     path="login"
+     name="login"
+     view=".login.login"
+     />
+
+  <route
+     path="logout"
+     name="logout"
+     view=".login.logout"
+     />
+
+  <route path="static/*subpath"
+    name="static"
+    view=".views.static_view"
+    />
+
+  <route
+    path=""
+    name="view_wiki"
+    view=".views.view_wiki"
+    />
+    
+  <route
+     path=":pagename"
+     name="view_page"
+     view=".views.view_page"
+     />
+
+  <route
+     path=":pagename/edit_page"
+     name="edit_page"
+     view=".views.edit_page"
+     permission="edit"
+     />
+
+  <route
+     path="add_page/:pagename"
+     name="add_page"
+     view=".views.add_page"
+     permission="edit"
+     />
+
+   <utility provides="repoze.bfg.interfaces.IRoutesContextFactory"
+            component=".utilities.RoutesContextFactory"/>
+
+   <utility provides="repoze.bfg.interfaces.IForbiddenView"
+            component=".login.login"/>
+
+</configure>
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/login.py b/docs/tutorials/bfgwiki2/src/authorization/tutorial/login.py
new file mode 100644
index 000000000..28c3e05b4
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/login.py
@@ -0,0 +1,44 @@
+from webob.exc import HTTPFound
+
+from routes import url_for
+
+from repoze.bfg.chameleon_zpt import render_template_to_response
+
+from repoze.bfg.security import remember
+from repoze.bfg.security import forget
+
+from tutorial.run import USERS
+
+def login(context, request):
+    login_url = url_for('login')
+    referrer = request.environ.get('HTTP_REFERER', '/')
+    if referrer == login_url:
+        referrer = '/' # never use the login form itself as came_from
+    came_from = request.params.get('came_from', referrer)
+    message = ''
+    login = ''
+    password = ''
+    if 'form.submitted' in request.params:
+        login = request.params['login']
+        password = request.params['password']
+        if USERS.get(login) == password:
+            headers = remember(request, login)
+            return HTTPFound(location = came_from,
+                             headers = headers)
+        message = 'Failed login'
+
+    return render_template_to_response(
+        'templates/login.pt',
+        message = message,
+        url = request.application_url + '/login',
+        came_from = came_from,
+        login = login,
+        password = password,
+        request  =request,
+        )
+    
+def logout(context, request):
+    headers = forget(request)
+    return HTTPFound(location = url_for('view_wiki'),
+                     headers = headers)
+    
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/models.py b/docs/tutorials/bfgwiki2/src/authorization/tutorial/models.py
new file mode 100644
index 000000000..3e63c3734
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/models.py
@@ -0,0 +1,43 @@
+import transaction
+
+from sqlalchemy import create_engine
+from sqlalchemy import Column
+from sqlalchemy import Integer
+from sqlalchemy import Text
+
+from sqlalchemy.exc import IntegrityError
+
+from sqlalchemy.orm import scoped_session
+from sqlalchemy.orm import sessionmaker
+
+from sqlalchemy.ext.declarative import declarative_base
+
+from zope.sqlalchemy import ZopeTransactionExtension
+
+DBSession = scoped_session(sessionmaker(extension=ZopeTransactionExtension()))
+Base = declarative_base()
+
+class Page(Base):
+    """ The SQLAlchemy declarative model class for a Page object. """
+    __tablename__ = 'pages'
+    id = Column(Integer, primary_key=True)
+    name = Column(Text, unique=True)
+    data = Column(Text)
+
+    def __init__(self, name, data):
+       self.name = name
+       self.data = data
+
+def initialize_sql(db, echo=False):
+    engine = create_engine(db, echo=echo)
+    DBSession.configure(bind=engine)
+    Base.metadata.bind = engine
+    Base.metadata.create_all(engine)
+    try:
+        session = DBSession()
+        page = Page('FrontPage', 'initial data')
+        session.add(page)
+        transaction.commit()
+    except IntegrityError:
+        # already created
+        pass
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/run.py b/docs/tutorials/bfgwiki2/src/authorization/tutorial/run.py
new file mode 100644
index 000000000..0f2068bba
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/run.py
@@ -0,0 +1,40 @@
+from repoze.bfg.router import make_app
+from repoze.bfg.authentication import AuthTktAuthenticationPolicy
+
+import tutorial
+from tutorial.models import DBSession
+from tutorial.models import initialize_sql
+
+class Cleanup:
+    def __init__(self, cleaner):
+        self.cleaner = cleaner
+    def __del__(self):
+        self.cleaner()
+
+def handle_teardown(event):
+    environ = event.request.environ
+    environ['tutorial.sasession'] = Cleanup(DBSession.remove)
+
+def app(global_config, **kw):
+    """ This function returns a repoze.bfg.router.Router object.
+    
+    It is usually called by the PasteDeploy framework during ``paster serve``.
+    """
+    db_string = kw.get('db_string')
+    if db_string is None:
+        raise ValueError("No 'db_string' value in application configuration.")
+    initialize_sql(db_string)
+
+    authpolicy = AuthTktAuthenticationPolicy('seekr!t', callback=groupfinder)
+
+    return make_app(None, tutorial,  authentication_policy=authpolicy,
+                    options=kw)
+
+USERS = {'editor':'editor',
+          'viewer':'viewer'}
+GROUPS = {'editor':['group.editors']}
+
+def groupfinder(userid):
+    if userid in USERS:
+        return GROUPS.get(userid, [])
+
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/edit.pt b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/edit.pt
new file mode 100644
index 000000000..5e56f1fd6
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/edit.pt
@@ -0,0 +1,31 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html
+    xmlns="http://www.w3.org/1999/xhtml"
+      xmlns:tal="http://xml.zope.org/namespaces/tal">
+
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>bfg tutorial wiki (based on TurboGears 20-Minute Wiki) Editing: ${page.name}</title>
+        <link rel="stylesheet" type="text/css"
+          href="${request.application_url}/static/style.css" />
+</head>
+
+<body>
+
+<div class="main_content">
+  <div style="float:right; width: 10em;"> Viewing
+    <span tal:replace="page.name">Page Name Goes Here</span> <br/>
+    You can return to the <a href="${request.application_url}">FrontPage</a>.
+   <span tal:condition="logged_in"><a href="${request.application_url}/logout">Logout</a></span>
+  </div>  
+
+  <div>
+    <form action="${save_url}" method="post">
+      <textarea name="body" tal:content="page.data" rows="10" cols="60"/>
+      <input type="submit" name="form.submitted" value="Save"/>
+    </form>
+  </div>
+</div>  
+</body>
+</html>
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/login.pt b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/login.pt
new file mode 100644
index 000000000..a9e086461
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/login.pt
@@ -0,0 +1,32 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html
+    xmlns="http://www.w3.org/1999/xhtml"
+    xmlns:tal="http://xml.zope.org/namespaces/tal">
+
+<head>
+  <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+  <title>bfg tutorial wiki (based on TurboGears 20-Minute Wiki)</title>
+  <link rel="stylesheet" type="text/css"
+        href="${request.application_url}/static/style.css" />
+</head>
+
+<body>
+
+<h1>Log In</h1>
+
+<div tal:replace="message"/>
+
+<div class="main_content">
+  <form action="${url}" method="post">
+    <input type="hidden" name="came_from" value="${came_from}"/>
+    <input type="text" name="login" value="${login}"/>
+    <br/>
+    <input type="password" name="password" value="${password}"/>
+    <br/>
+    <input type="submit" name="form.submitted" value="Log In"/>
+  </form>
+</div>  
+
+</body>
+</html>
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/mytemplate.pt b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/mytemplate.pt
new file mode 100644
index 000000000..767252554
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/mytemplate.pt
@@ -0,0 +1,99 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+      xmlns:tal="http://xml.zope.org/namespaces/tal">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>${project} Application</title>
+<meta name="keywords" content="python web application" />
+<meta name="description" content="repoze.bfg web application" />
+<link href="${request.application_url}/static/default.css" rel="stylesheet" type="text/css" />
+</head>
+<body>
+<!-- start header -->
+<div id="logo">
+  <h2><code>${project}</code>, a <code>repoze.bfg</code> application</h2>
+</div>
+<div id="header">
+  <div id="menu">
+  </div>
+</div>
+<!-- end header -->
+<div id="wrapper">
+  <!-- start page -->
+  <div id="page">
+    <!-- start content -->
+    <div id="content">
+      <div class="post">
+	<h1 class="title">Welcome to <code>${project}</code>, an
+	application generated by the <a
+	href="http://bfg.repoze.org">repoze.bfg</a> web
+	application framework.</h1>
+      </div>
+    </div>
+    <!-- end content -->
+    <!-- start sidebar -->
+    <div id="sidebar">
+      <ul>
+	<li id="search">
+	  <h2>Search<br/> <code>repoze.bfg</code> Documentation</h2>
+	  <form method="get" 
+                action="http://bfg.repoze.org/searchresults">
+	    <fieldset>
+	      <input type="text" id="q" name="text" value="" />
+	      <input type="submit" id="x" value="Search" />
+	    </fieldset>
+	  </form>
+	</li>
+	<li>
+	  <h2><code>repoze.bfg</code> links</h2>
+	  <ul>
+	    <li><a
+	    href="http://docs.repoze.org/bfg/#narrative-documentation">Narrative
+	    Documentation</a>
+            </li>
+	    <li>
+              <a
+              href="http://docs.repoze.org/bfg/#api-documentation">API
+              Documentation</a>
+            </li>
+	    <li>
+              <a
+              href="http://docs.repoze.org/bfg/#tutorials">Tutorials</a>
+            </li>
+	    <li>
+              <a
+              href="http://docs.repoze.org/bfg/#change-history">Change
+              History</a>
+            </li>
+	    <li>
+              <a
+              href="http://docs.repoze.org/bfg/#sample-applications">Sample
+              Applications</a>
+            </li>
+	    <li>
+              <a
+              href="http://docs.repoze.org/bfg/#support-and-development">Support
+              and Development</a>
+            </li>
+	    <li>
+              <a
+              href="irc://irc.freenode.net#repoze">IRC Channel</a>
+            </li>
+	  </ul>
+	</li>
+      </ul>
+    </div>
+    <!-- end sidebar -->
+    <div style="clear: both;">&nbsp;</div>
+  </div>
+</div>
+<!-- end page -->
+<!-- start footer -->
+<div id="footer">
+  <p id="legal">( c ) 2008. All Rights Reserved. Template design
+  by <a href="http://www.freecsstemplates.org/">Free CSS
+  Templates</a>.</p>
+</div>
+<!-- end footer -->
+</body>
+</html>
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/mytemplate.pt.py b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/mytemplate.pt.py
new file mode 100644
index 000000000..678ee58fe
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/mytemplate.pt.py
@@ -0,0 +1,110 @@
+registry = dict(version='6.3')
+def bind():
+	from cPickle import loads as _loads
+	_init_stream = _loads('cchameleon.core.generation\ninitialize_stream\np1\n.')
+	_lookup_attr = _loads('cchameleon.core.codegen\nlookup_attr\np1\n.')
+	_init_scope = _loads('cchameleon.core.utils\necontext\np1\n.')
+	_re_amp = _loads("cre\n_compile\np1\n(S'&(?!([A-Za-z]+|#[0-9]+);)'\np2\nI0\ntRp3\n.")
+	_init_default = _loads('cchameleon.core.generation\ninitialize_default\np1\n.')
+	_lookup_name = _loads('cchameleon.core.codegen\nlookup_name\np1\n.')
+	_init_tal = _loads('cchameleon.core.generation\ninitialize_tal\np1\n.')
+	def render(econtext):
+		macros = econtext.get('macros')
+		_slots = econtext.get('_slots')
+		target_language = econtext.get('target_language')
+		u'_init_stream()'
+		(_out, _write) = _init_stream()
+		u'_init_tal()'
+		(_attributes, repeat) = _init_tal()
+		u'_init_default()'
+		_default = _init_default()
+		u'None'
+		default = None
+		u'None'
+		_domain = None
+		u'project'
+		_write(u'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">\n<html xmlns="http://www.w3.org/1999/xhtml">\n<head><title>')
+		_tmp1 = econtext['project']
+		_tmp = _tmp1
+		if (_tmp.__class__ not in (str, unicode) and hasattr(_tmp, '__html__')):
+			_write(_tmp.__html__())
+		elif _tmp is not None:
+			if not (isinstance(_tmp, unicode)):
+				_tmp = str(_tmp)
+			if '&' in _tmp:
+				if ';' in _tmp:
+					_tmp = _re_amp.sub('&amp;', _tmp)
+				else:
+					_tmp = _tmp.replace('&', '&amp;')
+			if '<' in _tmp:
+				_tmp = _tmp.replace('<', '&lt;')
+			if '>' in _tmp:
+				_tmp = _tmp.replace('>', '&gt;')
+			_write(_tmp)
+		_write(u' Application</title>\n<meta name="keywords" content="python web application" />\n<meta name="description" content="repoze.bfg web application" />\n<link')
+		default = u'${request.application_url}/static/default.css'
+		"join(value('request.application_url'), u'/static/default.css')"
+		_tmp1 = ('%s%s' % (_lookup_attr(econtext['request'], 'application_url'), u'/static/default.css'))
+		default = None
+		if _tmp1 is _default:
+			_tmp1 = u'${request.application_url}/static/default.css'
+		if (_tmp1 is None or _tmp1 is False):
+			pass
+		else:
+			if not (isinstance(_tmp1, unicode)):
+				_tmp1 = str(_tmp1)
+			if '&' in _tmp1:
+				if ';' in _tmp1:
+					_tmp1 = _re_amp.sub('&amp;', _tmp1)
+				else:
+					_tmp1 = _tmp1.replace('&', '&amp;')
+			if '<' in _tmp1:
+				_tmp1 = _tmp1.replace('<', '&lt;')
+			if '>' in _tmp1:
+				_tmp1 = _tmp1.replace('>', '&gt;')
+			if '"' in _tmp1:
+				_tmp1 = _tmp1.replace('"', '&quot;')
+			_write((' href="' + _tmp1) + '"')
+		u'project'
+		_write(u' rel="stylesheet" type="text/css" />\n</head>\n<body>\n<!-- start header -->\n<div id="logo">\n  <h2><code>')
+		_tmp1 = econtext['project']
+		_tmp = _tmp1
+		if (_tmp.__class__ not in (str, unicode) and hasattr(_tmp, '__html__')):
+			_write(_tmp.__html__())
+		elif _tmp is not None:
+			if not (isinstance(_tmp, unicode)):
+				_tmp = str(_tmp)
+			if '&' in _tmp:
+				if ';' in _tmp:
+					_tmp = _re_amp.sub('&amp;', _tmp)
+				else:
+					_tmp = _tmp.replace('&', '&amp;')
+			if '<' in _tmp:
+				_tmp = _tmp.replace('<', '&lt;')
+			if '>' in _tmp:
+				_tmp = _tmp.replace('>', '&gt;')
+			_write(_tmp)
+		u'project'
+		_write(u'</code>, a <code>repoze.bfg</code> application</h2>\n</div>\n<div id="header">\n  <div id="menu">\n  </div>\n</div>\n<!-- end header -->\n<div id="wrapper">\n  <!-- start page -->\n  <div id="page">\n    <!-- start content -->\n    <div id="content">\n      <div class="post">\n\t<h1 class="title">Welcome to <code>')
+		_tmp1 = econtext['project']
+		_tmp = _tmp1
+		if (_tmp.__class__ not in (str, unicode) and hasattr(_tmp, '__html__')):
+			_write(_tmp.__html__())
+		elif _tmp is not None:
+			if not (isinstance(_tmp, unicode)):
+				_tmp = str(_tmp)
+			if '&' in _tmp:
+				if ';' in _tmp:
+					_tmp = _re_amp.sub('&amp;', _tmp)
+				else:
+					_tmp = _tmp.replace('&', '&amp;')
+			if '<' in _tmp:
+				_tmp = _tmp.replace('<', '&lt;')
+			if '>' in _tmp:
+				_tmp = _tmp.replace('>', '&gt;')
+			_write(_tmp)
+		_write(u'</code>, an\n\tapplication generated by the <a href="http://bfg.repoze.org">repoze.bfg</a> web\n\tapplication framework.</h1>\n      </div>\n    </div>\n    <!-- end content -->\n    <!-- start sidebar -->\n    <div id="sidebar">\n      <ul>\n\t<li id="search">\n\t  <h2>Search<br /> <code>repoze.bfg</code> Documentation</h2>\n\t  <form method="get" action="http://bfg.repoze.org/searchresults">\n\t    <fieldset>\n\t      <input type="text" id="q" name="text" value="" />\n\t      <input type="submit" id="x" value="Search" />\n\t    </fieldset>\n\t  </form>\n\t</li>\n\t<li>\n\t  <h2><code>repoze.bfg</code> links</h2>\n\t  <ul>\n\t    <li><a href="http://docs.repoze.org/bfg/#narrative-documentation">Narrative\n\t    Documentation</a>\n            </li>\n\t    <li>\n              <a href="http://docs.repoze.org/bfg/#api-documentation">API\n              Documentation</a>\n            </li>\n\t    <li>\n              <a href="http://docs.repoze.org/bfg/#tutorials">Tutorials</a>\n            </li>\n\t    <li>\n              <a href="http://docs.repoze.org/bfg/#change-history">Change\n              History</a>\n            </li>\n\t    <li>\n              <a href="http://docs.repoze.org/bfg/#sample-applications">Sample\n              Applications</a>\n            </li>\n\t    <li>\n              <a href="http://docs.repoze.org/bfg/#support-and-development">Support\n              and Development</a>\n            </li>\n\t    <li>\n              <a href="irc://irc.freenode.net#repoze">IRC Channel</a>\n            </li>\n\t  </ul>\n\t</li>\n      </ul>\n    </div>\n    <!-- end sidebar -->\n    <div style="clear: both;">&nbsp;</div>\n  </div>\n</div>\n<!-- end page -->\n<!-- start footer -->\n<div id="footer">\n  <p id="legal">( c ) 2008. All Rights Reserved. Template design\n  by <a href="http://www.freecsstemplates.org/">Free CSS\n  Templates</a>.</p>\n</div>\n<!-- end footer -->\n</body>\n</html>')
+		return _out.getvalue()
+	return render
+
+registry[(None, True, '1488bdb950901f8f258549439ef6661a49aae984')] = bind()
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/default.css b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/default.css
new file mode 100644
index 000000000..41b3debde
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/default.css
@@ -0,0 +1,380 @@
+/*
+Design by Free CSS Templates
+http://www.freecsstemplates.org
+Released for free under a Creative Commons Attribution 2.5 License
+*/
+
+body {
+	margin: 0;
+	padding: 0;
+	background: url(images/img01.gif) repeat-x left top;
+	font-size: 13px;
+	font-family: "Trebuchet MS", Georgia, "Times New Roman", Times, serif;
+	text-align: justify;
+	color: #FFFFFF;
+}
+
+h1, h2, h3 {
+	margin: 0;
+	text-transform: lowercase;
+	font-weight: normal;
+	color: #FFFFFF;
+}
+
+h1 {
+	letter-spacing: -1px;
+	font-size: 32px;
+}
+
+h2 {
+	font-size: 23px;
+}
+
+p, ul, ol {
+	margin: 0 0 2em 0;
+	text-align: justify;
+	line-height: 26px;
+}
+
+a:link {
+	color: #8BD80E;
+}
+
+a:hover, a:active {
+	text-decoration: none;
+	color: #8BD80E;
+}
+
+a:visited {
+	color: #8BD80E;
+}
+
+img {
+	border: none;
+}
+
+img.left {
+	float: left;
+	margin-right: 15px;
+}
+
+img.right {
+	float: right;
+	margin-left: 15px;
+}
+
+/* Form */
+
+form {
+	margin: 0;
+	padding: 0;
+}
+
+fieldset {
+	margin: 0;
+	padding: 0;
+	border: none;
+}
+
+legend {
+	display: none;
+}
+
+input, textarea, select {
+	font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
+	font-size: 13px;
+	color: #333333;
+}
+
+#wrapper {
+	margin: 0;
+	padding: 0;
+	background: #000000;
+}
+
+/* Header */
+
+#header {
+	width: 713px;
+	margin: 0 auto;
+	height: 42px;
+}
+
+/* Menu */
+
+#menu {
+	float: left;
+	width: 713px;
+	height: 50px;
+	background: url(images/img02.gif) no-repeat left top;
+}
+
+#menu ul {
+	margin: 0;
+	padding: 0px 0 0 10px;
+	list-style: none;
+	line-height: normal;
+}
+
+#menu li {
+	display: block;
+	float: left;
+}
+
+#menu a {
+	display: block;
+	float: left;
+	background: url(images/img04.gif) no-repeat right 55%;
+	margin-top: 5px;
+	margin-right: 3px;
+	padding: 8px 17px;
+	text-decoration: none;
+	font-size: 13px;
+	color: #000000;
+}
+
+#menu a:hover { 
+	color: #000000;
+}
+
+#menu .current_page_item a {
+	color: #000000;
+}
+
+/** LOGO */
+
+#logo {
+	width: 713px;
+	height: 80px;
+	margin: 0 auto;
+}
+
+#logo h1, #logo h2 {
+	float: left;
+	margin: 0;
+	padding: 30px 0 0 0px;
+	line-height: normal;
+}
+
+#logo h1 { 
+	font-family: Georgia, "Times New Roman", Times, serif;
+	font-size:40px;
+}
+
+#logo h1 a {
+	text-decoration: none;
+	color: #4C4C4C; 
+}
+
+#logo h1 a:hover { text-decoration: underline; }
+
+#logo h2 {
+	float: left;
+	padding: 45px 0 0 18px;
+	font: 18px Georgia, "Times New Roman", Times, serif;
+	color: #8BD80E; 
+}
+
+#logo p a {
+	text-decoration: none;
+	color: #8BD80E;
+}
+
+#logo p a:hover { text-decoration: underline; }
+
+
+
+/* Page */
+
+#page {
+	width: 663px;
+	margin: 0 auto;
+	background: #4C4C4C url(images/img03.gif) no-repeat left bottom;
+	padding: 0 25px;
+}
+
+/* Content */
+
+#content {
+	float: left;
+	width: 410px;
+	
+}
+
+/* Post */
+
+.post {
+	padding: 15px 0px;
+	margin-bottom: 20px;
+}
+
+.post .title {
+	margin-bottom: 20px;
+	padding-bottom: 5px;
+}
+
+.post h1 {
+	padding: 0px 0 0 0px;
+	background: url(images/img08.jpg) no-repeat left top;
+	font-size: 24px;
+	color: #FFFFFF;
+}
+
+.post h2 {
+	padding: 0px 0 0 0px;
+	font-size: 22px;
+	color: #FFFFFF;
+}
+
+.post .entry {
+}
+
+.post .meta {
+	padding: 15px 15px 30px 0px;
+	font-family: Arial, Helvetica, sans-serif;
+	font-size: 11px;
+}
+
+.post .meta p {
+	margin: 0;
+	padding-top: 15px;
+	line-height: normal;
+	color: #FFFFFF;
+}
+
+.post .meta .byline {
+	float: left;
+}
+
+.post .meta .links {
+	float: right;
+}
+
+.post .meta .more {
+	padding: 0 10px 0 18px;
+}
+
+.post .meta .comments {
+}
+
+.post .meta b {
+	display: none;
+}
+
+
+/* Sidebar */
+
+#sidebar {
+	width: 210px;
+	float: right;
+	margin: 0;
+	padding: 0;
+}
+
+#sidebar ul {
+	margin: 0;
+	padding: 0;
+	list-style: none;
+}
+
+#sidebar li {
+	margin-bottom: 40px;
+}
+
+#sidebar li ul {
+}
+
+#sidebar li li {
+	margin: 0;
+}
+
+#sidebar h2 {
+	width: 250px;
+	padding: 8px 0 0 0px;
+	margin-bottom: 10px;
+	background: url(images/img07.jpg) no-repeat left top;
+	font-size: 20px;
+	color: #FFFFFF;
+}
+
+/* Search */
+
+#search {
+
+}
+
+#search h2 {
+	margin-bottom: 20px;
+}
+
+#s {
+	width: 140px;
+	margin-right: 5px;
+	padding: 3px;
+	border: 1px solid #BED99C;
+}
+
+#x {
+	padding: 3px;
+	border: none;
+	background: #8BD80E;
+	text-transform: lowercase;
+	font-size: 11px;
+	color: #FFFFFF;
+}
+
+/* Boxes */
+
+.box1 {
+	padding: 20px;
+}
+
+.box2 {
+	color: #BABABA;
+}
+
+.box2 h2 {
+	margin-bottom: 15px;
+	font-size: 16px;
+	color: #FFFFFF;
+}
+
+.box2 ul {
+	margin: 0;
+	padding: 0;
+	list-style: none;
+}
+
+.box2 a:link, .box2 a:hover, .box2 a:active, .box2 a:visited  {
+	color: #EDEDED;
+}
+
+/* Footer */
+#footer-wrap {
+}
+
+#footer {
+	margin: 0 auto;
+	padding: 20px 0 10px 0;
+	background: #000000;
+}
+
+html>body #footer {
+	height: auto;
+}
+
+#footer p {
+	font-size: 11px;
+}
+
+#legal {
+	clear: both;
+	padding-top: 17px;
+	text-align: center;
+	color: #FFFFFF;
+}
+
+#legal a {
+	font-weight: normal;
+	color: #FFFFFF;
+}
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img01.gif b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img01.gif
new file mode 100644
index 000000000..5f082bd99
Binary files /dev/null and b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img01.gif differ
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img02.gif b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img02.gif
new file mode 100644
index 000000000..45a3ae976
Binary files /dev/null and b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img02.gif differ
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img03.gif b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img03.gif
new file mode 100644
index 000000000..d92ea38f9
Binary files /dev/null and b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img03.gif differ
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img04.gif b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img04.gif
new file mode 100644
index 000000000..950c4af9d
Binary files /dev/null and b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/img04.gif differ
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/spacer.gif b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/spacer.gif
new file mode 100644
index 000000000..5bfd67a2d
Binary files /dev/null and b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/images/spacer.gif differ
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/style.css b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/style.css
new file mode 100644
index 000000000..0a4b5767e
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/style.css
@@ -0,0 +1,109 @@
+html, body {
+  color: black;
+  background-color: #ddd;
+  font: x-small "Lucida Grande", "Lucida Sans Unicode", geneva, verdana, sans-serif;
+  margin: 0;
+  padding: 0;
+}
+
+td, th {padding:3px;border:none;}
+tr th {text-align:left;background-color:#f0f0f0;color:#333;}
+tr.odd td {background-color:#edf3fe;}
+tr.even td {background-color:#fff;}
+
+#header {
+  height: 80px;
+  width: 777px;
+  background: blue URL('../images/header_inner.png') no-repeat;
+  border-left: 1px solid #aaa;
+  border-right: 1px solid #aaa;
+  margin: 0 auto 0 auto;
+}
+
+a.link, a, a.active {
+  color: #369;
+}
+
+
+#main_content {
+  color: black;
+  font-size: 127%;
+  background-color: white;
+  width: 757px;
+  margin: 0 auto 0 auto;
+  border-left: 1px solid #aaa;
+  border-right: 1px solid #aaa;
+  padding: 10px;
+}
+
+#sidebar {
+  border: 1px solid #aaa;
+  background-color: #eee;
+  margin: 0.5em;
+  padding: 1em;
+  float: right;
+  width: 200px;
+  font-size: 88%;
+}
+
+#sidebar h2 {
+  margin-top: 0;
+}
+
+#sidebar ul {
+  margin-left: 1.5em;
+  padding-left: 0;
+}
+
+h1,h2,h3,h4,h5,h6,#getting_started_steps {
+  font-family: "Century Schoolbook L", Georgia, serif;
+  font-weight: bold;
+}
+
+h2 {
+  font-size: 150%;
+}
+
+#footer {
+  border: 1px solid #aaa;
+  border-top: 0px none;
+  color: #999;
+  background-color: white;
+  padding: 10px;
+  font-size: 80%;
+  text-align: center;
+  width: 757px;
+  margin: 0 auto 1em auto;
+}
+
+.code {
+  font-family: monospace;
+}
+
+span.code {
+  font-weight: bold;
+  background: #eee;
+}
+
+#status_block {
+  margin: 0 auto 0.5em auto;
+  padding: 15px 10px 15px 55px;
+  background: #cec URL('../images/ok.png') left center no-repeat;
+  border: 1px solid #9c9;
+  width: 450px;
+  font-size: 120%;
+  font-weight: bolder;
+}
+
+.notice {
+  margin: 0.5em auto 0.5em auto;
+  padding: 15px 10px 15px 55px;
+  width: 450px;
+  background: #eef URL('../images/info.png') left center no-repeat;
+  border: 1px solid #cce;
+}
+
+.fielderror {
+    color: red;
+    font-weight: bold;
+}
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/templatelicense.txt b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/templatelicense.txt
new file mode 100644
index 000000000..ccb6b06ab
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/static/templatelicense.txt
@@ -0,0 +1,243 @@
+Creative Commons </>
+
+Creative Commons Legal Code
+
+*Attribution 2.5*
+
+CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
+LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN
+ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION
+ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE
+INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
+ITS USE.
+
+/License/
+
+THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE
+COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY
+COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS
+AUTHORIZED UNDER THIS LICENSE OR COPYRIGHT LAW IS PROHIBITED.
+
+BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE
+TO BE BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE
+RIGHTS CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS
+AND CONDITIONS.
+
+*1. Definitions*
+
+   1. *"Collective Work"* means a work, such as a periodical issue,
+      anthology or encyclopedia, in which the Work in its entirety in
+      unmodified form, along with a number of other contributions,
+      constituting separate and independent works in themselves, are
+      assembled into a collective whole. A work that constitutes a
+      Collective Work will not be considered a Derivative Work (as
+      defined below) for the purposes of this License.
+   2. *"Derivative Work"* means a work based upon the Work or upon the
+      Work and other pre-existing works, such as a translation, musical
+      arrangement, dramatization, fictionalization, motion picture
+      version, sound recording, art reproduction, abridgment,
+      condensation, or any other form in which the Work may be recast,
+      transformed, or adapted, except that a work that constitutes a
+      Collective Work will not be considered a Derivative Work for the
+      purpose of this License. For the avoidance of doubt, where the
+      Work is a musical composition or sound recording, the
+      synchronization of the Work in timed-relation with a moving image
+      ("synching") will be considered a Derivative Work for the purpose
+      of this License.
+   3. *"Licensor"* means the individual or entity that offers the Work
+      under the terms of this License.
+   4. *"Original Author"* means the individual or entity who created the
+      Work.
+   5. *"Work"* means the copyrightable work of authorship offered under
+      the terms of this License.
+   6. *"You"* means an individual or entity exercising rights under this
+      License who has not previously violated the terms of this License
+      with respect to the Work, or who has received express permission
+      from the Licensor to exercise rights under this License despite a
+      previous violation.
+
+*2. Fair Use Rights.* Nothing in this license is intended to reduce,
+limit, or restrict any rights arising from fair use, first sale or other
+limitations on the exclusive rights of the copyright owner under
+copyright law or other applicable laws.
+
+*3. License Grant.* Subject to the terms and conditions of this License,
+Licensor hereby grants You a worldwide, royalty-free, non-exclusive,
+perpetual (for the duration of the applicable copyright) license to
+exercise the rights in the Work as stated below:
+
+   1. to reproduce the Work, to incorporate the Work into one or more
+      Collective Works, and to reproduce the Work as incorporated in the
+      Collective Works;
+   2. to create and reproduce Derivative Works;
+   3. to distribute copies or phonorecords of, display publicly, perform
+      publicly, and perform publicly by means of a digital audio
+      transmission the Work including as incorporated in Collective Works;
+   4. to distribute copies or phonorecords of, display publicly, perform
+      publicly, and perform publicly by means of a digital audio
+      transmission Derivative Works.
+   5.
+
+      For the avoidance of doubt, where the work is a musical composition:
+
+         1. *Performance Royalties Under Blanket Licenses*. Licensor
+            waives the exclusive right to collect, whether individually
+            or via a performance rights society (e.g. ASCAP, BMI,
+            SESAC), royalties for the public performance or public
+            digital performance (e.g. webcast) of the Work.
+         2. *Mechanical Rights and Statutory Royalties*. Licensor waives
+            the exclusive right to collect, whether individually or via
+            a music rights agency or designated agent (e.g. Harry Fox
+            Agency), royalties for any phonorecord You create from the
+            Work ("cover version") and distribute, subject to the
+            compulsory license created by 17 USC Section 115 of the US
+            Copyright Act (or the equivalent in other jurisdictions).
+   6. *Webcasting Rights and Statutory Royalties*. For the avoidance of
+      doubt, where the Work is a sound recording, Licensor waives the
+      exclusive right to collect, whether individually or via a
+      performance-rights society (e.g. SoundExchange), royalties for the
+      public digital performance (e.g. webcast) of the Work, subject to
+      the compulsory license created by 17 USC Section 114 of the US
+      Copyright Act (or the equivalent in other jurisdictions).
+
+The above rights may be exercised in all media and formats whether now
+known or hereafter devised. The above rights include the right to make
+such modifications as are technically necessary to exercise the rights
+in other media and formats. All rights not expressly granted by Licensor
+are hereby reserved.
+
+*4. Restrictions.*The license granted in Section 3 above is expressly
+made subject to and limited by the following restrictions:
+
+   1. You may distribute, publicly display, publicly perform, or
+      publicly digitally perform the Work only under the terms of this
+      License, and You must include a copy of, or the Uniform Resource
+      Identifier for, this License with every copy or phonorecord of the
+      Work You distribute, publicly display, publicly perform, or
+      publicly digitally perform. You may not offer or impose any terms
+      on the Work that alter or restrict the terms of this License or
+      the recipients' exercise of the rights granted hereunder. You may
+      not sublicense the Work. You must keep intact all notices that
+      refer to this License and to the disclaimer of warranties. You may
+      not distribute, publicly display, publicly perform, or publicly
+      digitally perform the Work with any technological measures that
+      control access or use of the Work in a manner inconsistent with
+      the terms of this License Agreement. The above applies to the Work
+      as incorporated in a Collective Work, but this does not require
+      the Collective Work apart from the Work itself to be made subject
+      to the terms of this License. If You create a Collective Work,
+      upon notice from any Licensor You must, to the extent practicable,
+      remove from the Collective Work any credit as required by clause
+      4(b), as requested. If You create a Derivative Work, upon notice
+      from any Licensor You must, to the extent practicable, remove from
+      the Derivative Work any credit as required by clause 4(b), as
+      requested.
+   2. If you distribute, publicly display, publicly perform, or publicly
+      digitally perform the Work or any Derivative Works or Collective
+      Works, You must keep intact all copyright notices for the Work and
+      provide, reasonable to the medium or means You are utilizing: (i)
+      the name of the Original Author (or pseudonym, if applicable) if
+      supplied, and/or (ii) if the Original Author and/or Licensor
+      designate another party or parties (e.g. a sponsor institute,
+      publishing entity, journal) for attribution in Licensor's
+      copyright notice, terms of service or by other reasonable means,
+      the name of such party or parties; the title of the Work if
+      supplied; to the extent reasonably practicable, the Uniform
+      Resource Identifier, if any, that Licensor specifies to be
+      associated with the Work, unless such URI does not refer to the
+      copyright notice or licensing information for the Work; and in the
+      case of a Derivative Work, a credit identifying the use of the
+      Work in the Derivative Work (e.g., "French translation of the Work
+      by Original Author," or "Screenplay based on original Work by
+      Original Author"). Such credit may be implemented in any
+      reasonable manner; provided, however, that in the case of a
+      Derivative Work or Collective Work, at a minimum such credit will
+      appear where any other comparable authorship credit appears and in
+      a manner at least as prominent as such other comparable authorship
+      credit.
+
+*5. Representations, Warranties and Disclaimer*
+
+UNLESS OTHERWISE MUTUALLY AGREED TO BY THE PARTIES IN WRITING, LICENSOR
+OFFERS THE WORK AS-IS AND MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY
+KIND CONCERNING THE WORK, EXPRESS, IMPLIED, STATUTORY OR OTHERWISE,
+INCLUDING, WITHOUT LIMITATION, WARRANTIES OF TITLE, MERCHANTIBILITY,
+FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, OR THE ABSENCE OF
+LATENT OR OTHER DEFECTS, ACCURACY, OR THE PRESENCE OF ABSENCE OF ERRORS,
+WHETHER OR NOT DISCOVERABLE. SOME JURISDICTIONS DO NOT ALLOW THE
+EXCLUSION OF IMPLIED WARRANTIES, SO SUCH EXCLUSION MAY NOT APPLY TO YOU.
+
+*6. Limitation on Liability.* EXCEPT TO THE EXTENT REQUIRED BY
+APPLICABLE LAW, IN NO EVENT WILL LICENSOR BE LIABLE TO YOU ON ANY LEGAL
+THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY
+DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF
+LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+*7. Termination*
+
+   1. This License and the rights granted hereunder will terminate
+      automatically upon any breach by You of the terms of this License.
+      Individuals or entities who have received Derivative Works or
+      Collective Works from You under this License, however, will not
+      have their licenses terminated provided such individuals or
+      entities remain in full compliance with those licenses. Sections
+      1, 2, 5, 6, 7, and 8 will survive any termination of this License.
+   2. Subject to the above terms and conditions, the license granted
+      here is perpetual (for the duration of the applicable copyright in
+      the Work). Notwithstanding the above, Licensor reserves the right
+      to release the Work under different license terms or to stop
+      distributing the Work at any time; provided, however that any such
+      election will not serve to withdraw this License (or any other
+      license that has been, or is required to be, granted under the
+      terms of this License), and this License will continue in full
+      force and effect unless terminated as stated above.
+
+*8. Miscellaneous*
+
+   1. Each time You distribute or publicly digitally perform the Work or
+      a Collective Work, the Licensor offers to the recipient a license
+      to the Work on the same terms and conditions as the license
+      granted to You under this License.
+   2. Each time You distribute or publicly digitally perform a
+      Derivative Work, Licensor offers to the recipient a license to the
+      original Work on the same terms and conditions as the license
+      granted to You under this License.
+   3. If any provision of this License is invalid or unenforceable under
+      applicable law, it shall not affect the validity or enforceability
+      of the remainder of the terms of this License, and without further
+      action by the parties to this agreement, such provision shall be
+      reformed to the minimum extent necessary to make such provision
+      valid and enforceable.
+   4. No term or provision of this License shall be deemed waived and no
+      breach consented to unless such waiver or consent shall be in
+      writing and signed by the party to be charged with such waiver or
+      consent.
+   5. This License constitutes the entire agreement between the parties
+      with respect to the Work licensed here. There are no
+      understandings, agreements or representations with respect to the
+      Work not specified here. Licensor shall not be bound by any
+      additional provisions that may appear in any communication from
+      You. This License may not be modified without the mutual written
+      agreement of the Licensor and You.
+
+Creative Commons is not a party to this License, and makes no warranty
+whatsoever in connection with the Work. Creative Commons will not be
+liable to You or any party on any legal theory for any damages
+whatsoever, including without limitation any general, special,
+incidental or consequential damages arising in connection to this
+license. Notwithstanding the foregoing two (2) sentences, if Creative
+Commons has expressly identified itself as the Licensor hereunder, it
+shall have all rights and obligations of Licensor.
+
+Except for the limited purpose of indicating to the public that the Work
+is licensed under the CCPL, neither party will use the trademark
+"Creative Commons" or any related trademark or logo of Creative Commons
+without the prior written consent of Creative Commons. Any permitted use
+will be in compliance with Creative Commons' then-current trademark
+usage guidelines, as may be published on its website or otherwise made
+available upon request from time to time.
+
+Creative Commons may be contacted at http://creativecommons.org/
+<http://creativecommons.org>.
+
+« Back to Commons Deed <./>
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/view.pt b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/view.pt
new file mode 100644
index 000000000..59c21d4eb
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/templates/view.pt
@@ -0,0 +1,28 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html
+    xmlns="http://www.w3.org/1999/xhtml"
+      xmlns:tal="http://xml.zope.org/namespaces/tal">
+
+<head>
+    <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
+    <title>${page.name} - bfg tutorial wiki (based on TurboGears 20-Minute Wiki)</title>
+        <link rel="stylesheet" type="text/css"
+          href="${request.application_url}/static/style.css" />
+</head>
+
+<body>
+
+<div class="main_content">
+<div style="float:right; width: 10em;"> Viewing
+<span tal:replace="page.name">Page Name Goes Here</span> <br/>
+You can return to the <a href="${request.application_url}">FrontPage</a>.
+<span tal:condition="logged_in"><a href="${request.application_url}/logout">Logout</a></span>
+</div>
+
+<div tal:replace="structure content">Page text goes here.</div>
+<p><a tal:attributes="href edit_url" href="">Edit this page</a></p>
+</div>
+
+</body>
+</html>
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/tests.py b/docs/tutorials/bfgwiki2/src/authorization/tutorial/tests.py
new file mode 100644
index 000000000..8d163ad20
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/tests.py
@@ -0,0 +1,28 @@
+import unittest
+from repoze.bfg import testing
+
+def _initTestingDB():
+    from tutorial.models import initialize_sql
+    session = initialize_sql('sqlite://')
+    return session
+
+class TestMyView(unittest.TestCase):
+    def setUp(self):
+        testing.cleanUp()
+        _initTestingDB()
+        
+    def tearDown(self):
+        testing.cleanUp()
+
+    def _callFUT(self, context, request):
+        from tutorial.views import my_view
+        return my_view(context, request)
+
+    def test_it(self):
+        request = testing.DummyRequest()
+        context = testing.DummyModel()
+        renderer = testing.registerDummyRenderer('templates/mytemplate.pt')
+        response = self._callFUT(context, request)
+        self.assertEqual(renderer.root.name, 'root')
+        self.assertEqual(renderer.request, request)
+        self.assertEqual(renderer.project, 'tutorial')
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/utilities.py b/docs/tutorials/bfgwiki2/src/authorization/tutorial/utilities.py
new file mode 100644
index 000000000..cc1e0d515
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/utilities.py
@@ -0,0 +1,10 @@
+from repoze.bfg.security import Allow
+from repoze.bfg.security import Everyone
+
+class RoutesContextFactory(object):
+    __acl__ = [ (Allow, Everyone, 'view'), (Allow, 'editor', 'edit') ]
+    def __init__(self, **kw):
+        self.__dict__.update(kw)
+
+
+
diff --git a/docs/tutorials/bfgwiki2/src/authorization/tutorial/views.py b/docs/tutorials/bfgwiki2/src/authorization/tutorial/views.py
new file mode 100644
index 000000000..b38a9489e
--- /dev/null
+++ b/docs/tutorials/bfgwiki2/src/authorization/tutorial/views.py
@@ -0,0 +1,83 @@
+import re
+
+from docutils.core import publish_parts
+
+from webob.exc import HTTPFound
+
+from routes import url_for
+
+from repoze.bfg.chameleon_zpt import render_template_to_response
+from repoze.bfg.view import static
+from repoze.bfg.security import authenticated_userid
+
+from tutorial.models import DBSession
+from tutorial.models import Page
+
+# regular expression used to find WikiWords
+wikiwords = re.compile(r"\b([A-Z]\w+[A-Z]+\w+)")
+
+static_view = static('templates/static')
+
+def view_wiki(context, request):
+    return HTTPFound(location = url_for('view_page', pagename='FrontPage'))
+
+def view_page(context, request):
+    session = DBSession()
+    page = session.query(Page).filter_by(name=context.pagename).one()
+
+    def check(match):
+        word = match.group(1)
+        exists = session.query(Page).filter_by(name=word).all()
+        if exists:
+            view_url = url_for('view_page', pagename=word)
+            return '<a href="%s">%s</a>' % (view_url, word)
+        else:
+            add_url = url_for('add_page', pagename=word)
+            return '<a href="%s">%s</a>' % (add_url, word)
+
+    content = publish_parts(page.data, writer_name='html')['html_body']
+    content = wikiwords.sub(check, content)
+    edit_url = url_for('edit_page', pagename=context.pagename)
+    logged_in = authenticated_userid(request)
+    return render_template_to_response('templates/view.pt',
+                                       request = request,
+                                       page = page,
+                                       content = content,
+                                       logged_in = logged_in,
+                                       edit_url = edit_url)
+
+def add_page(context, request):
+    name = context.pagename
+    if 'form.submitted' in request.params:
+        session = DBSession()
+        body = request.params['body']
+        page = Page(name, body)
+        session.add(page)
+        return HTTPFound(location = url_for('view_page', pagename=name))
+    save_url = url_for('add_page', pagename=name)
+    page = Page('', '')
+    logged_in = authenticated_userid(request)
+    return render_template_to_response('templates/edit.pt',
+                                       request = request,
+                                       page = page,
+                                       logged_in = logged_in,
+                                       save_url = save_url)
+    
+def edit_page(context, request):
+    name = context.pagename
+    session = DBSession()
+    page = session.query(Page).filter_by(name=name).one()
+    if 'form.submitted' in request.params:
+        page.data = request.params['body']
+        session.add(page)
+        return HTTPFound(location = url_for('view_page',
+                                            pagename=name))
+
+    logged_in = authenticated_userid(request)
+    return render_template_to_response('templates/edit.pt',
+                                       request = request,
+                                       page = page,
+                                       logged_in = logged_in,
+                                       save_url = url_for('edit_page',
+                                                          pagename=name),
+                                       )
-- 
cgit v1.2.3