Hello, Christoph.
On Tuesday February 3, 2009 15:18:13 Christoph Zwerschke wrote:
> Ok, I'll try to explain again.
I think I better understand what you meant now.
> My initial problem was that I (as a new TG2 user) wanted to check in a
> template whether the user as a certain *permission*.
>
> Now the TG2 docs told me (yes, clearly enough):
>
> "The authentication framework (repoze.who) only deals with the source(s)
> that handle your users' *credentials*, while the authorization framework
> (repoze.what) deals with both the source(s) that handle your groups
> and those that handle your *permissions*."
>
> Consequentially, since I wanted to check a *permission*, I checked the
> repoze.*what* part of the TG2 docs. And sure enough, there I found the
> "has_permission" predicate. However, that predicate cannot be used in
> the template (or inside the controller) so easily. That's why I posted
> the question (see subject line) which lead into this discussion.
One thing is that right now it can't be used easily in the template, and
another is that it can't be used easily inside the controller. The later is
not true, although it can and will be easier with the upcoming evaluate()
function -- but of course, the meaning of "easily" subjective. :)
> But even if I had looked into the repoze.*who* part of the TG2 docs, I
> wouldn't have found what I was looking for (namely to simply check
> tg.identity.permissions). Indeed it mentions the request.identity
> shortcut for request.environ.get('repoze.who.identity'). But it does not
> mention that it is available as tg.request.identity or even shorter
> tg.identity in the template as well, which is not obvious for a newbie.
> And most of all it fails to mention that request.identity also contains
> the groups and *permissions*, which a newbie wouldn't expect either,
> after having been explained that they does not belong here.
It doesn't mention that because that is not the recommended way to do so:
repoze.what v2 will be 100% repoze.who-independent, and as a consequence,
groups and permissions won't be loaded in the repoze.who identity dictionary
anymore -- for forward compatibility, they are already available in the
repoze.what credentials dictionary (environ['repoze.what.credentials']) as
well:
http://static.repoze.org/whatdocs/Manual/InnerWorkings.html#wsgi-environment-
variables
This is, doing that the old way will make it harder for you if you want to
upgrade to repoze.what v2. The old way is still there for backwards
compatibility with tg.ext.repoze.who, repoze.what's predecessor.
Regarding the short-cut to the identity dict in the template, that's
relatively new and I forgot to include it in the documentation. I'm updating
the docs accordingly.
> That's the thing I called "confusing" and needs better documentation.
> Could you follow me now?
I think I did :)
Cheers.
--
Gustavo Narea <http://gustavonarea.net/>.
Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Trunk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-trunk?hl=en
-~----------~----~----~----~------~----~------~--~---
