Hello,
On Friday February 6, 2009 13:57:53 Michael Brickenstein wrote:
> > Or do you mean passing the has_permission predicate and forgetting to
> > call the evaluate() function or the is_met() method? That's why
> > overriding __nonzero__ in the predicate class with either a warning or
> > an auto evaluation mechanism might still be a good idea.
>
> Sorry, I confused the word "predicate" and "permission".
> Yes indeed, that would still be needed.
I don't like too much the idea of having "the TurboGears way of evaluating
predicates" using __nonzero__, although I don't have strong feelings against
it. What do others think?
> > > - Moreover it really suggests repeat yourself. So defining the
> > > permission somewhere, decorating the controller with it and importing
> > > the permission itself in the template would be discouraged.
> >
> > Where do you see repetiton here? The problem with repetition of the
> > require() decorator is addressed by #1. Using has_permission directly in
> > the template is intended for use cases only where you want to hide
> > certain data (not a link) with a py:if directive in the template.
>
> I don't know, how #1 is implemented.
There would no redundancy because acccessible()/can_access() won't receive the
predicate.
For example, while in your action you have:
@require(Any(has_permission('edit-posts'), is_user('admin')))
def edit_post(self, post_id)
In your template you'll have:
<a py:if="{can_access('/whatever/edit_post')}"
href="{url('/whatever/edit_post', post_id=12)}"
>Edit post #12</a>
As you can see, the predicate is never duplicated.
> Does it work for arbitrary mounted WSGI-apps?
If you define the "allow_only" attribute in the WSGI app, yes. If the app uses
the same @require predicate, yes. Otherwise, the answer is no.
Keep in mind that repoze.what v1 doesn't compute authorization based on the
transversal of a path. Version 2 will, though, in addition to the traditional
way (assigning predicates to controllers/actions).
> It is planned to support repoze.what predicates in RUM.
I have no idea.
> Personally, I think, it is not only about RUM, we should try to
> integrate as good as possible
> with mounted WSGI-apps.
There are the limitations that I mentioned above. Fortunately, in v2 this will
be a piece of cake -- you'd even be able to write an repoze.what ACL for *any*
WSGI app (even if it doesn't use r.what) without touching the app, just
passing it to the root app.
> By the way, I am happy, that Gustavo emphasizes so much,
> on doing things cleanly, so that they are usable outside of TG.
Thanks :)
> I hope, that we will also get it useable and simple.
I hope so too.
Cheers!
--
Gustavo Narea <http://gustavonarea.net/>.
Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Trunk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-trunk?hl=en
-~----------~----~----~----~------~----~------~--~---
