Hi Bill, I will try to answer some of the questions you raised in the thread.
We had an IRC meeting last week and we agreed that T2 was becoming common and people started to rely on it. At the same time maintaining web2py+T2+T3 as separate entities was becoming a nightmare. We agreed that it was possible to incorporate some parts of T2 (those that we consider good practice and those that only require python modules) into web2py. This includes: - Authentication - Role Based Authorization - Smarter Crud than SQLFORM provides (integration with authentication, more restful paths) The current T2 would become an example on how to extend this core, in the same fashion as you suggest. T3 will stay an anonymous app that based only on web2py and perhaps, once polished, it could be distributed with web2py in the future. About the "concept" of plugin. I agree with almost everything you say but let me insist: A PLUGIN IS AN APPLICATION. Just a special type of app. It can have modules, models, controllers, views, static files, services. It does not deserve a special folder but plugin apps need to identify themselves. I think a PLUGIN file in the app folder should do the task. We do need to write API specs on how to write plugins. For example. By having Auth provided now by web2py code, a plugin could be class CasAuth(Auth): ... which exposes the same APis as Auth but uses CAS. The plugin would also include a CAS provider app. Massimo On Jan 21, 9:19 am, billf <billferr...@blueyonder.co.uk> wrote: > RE plugins, I think the other area that could be addressed is how > web2py allows certain types of plugin to operate. > > For example, it would be nice if web2py says "I provide for the > following types of authorisation at point x, y, and z where I will > call a function (either called a, b and c or stored in attributes d, e > and f)", i.e. the api that a "standard" authorisation plugin must > meet. That way a) anyone writing their own know what they have to > provide and b) it documents what web2py must support for backwards- > compatibility. > > There are probably some internal areas that might benefit from a > similar api document, e.g. the "api" exposed to a view, although I > can't quite envisage it at present. > > On Jan 21, 2:47 pm, billf <billferr...@blueyonder.co.uk> wrote: > > > For now, I don't know if there is a difference between module and > > plugin but let's assume there is to keep it discreet. > > > * a plugin folder > > > * each plugin is a) a file or b) a folder - latter is more flexible if > > more than file required > > > * an admin UI can display all plugins from the plugin folder > > > * a means of stating dependency upon other plugins and conflict with > > other plugins so that the admin UI can automatically check/include/ > > warn - is this by lines within the main(?) plugin file or a separate > > config/manifest/descriptor file > > > * a means of describing the plugin - in text including syntax (same > > points as above lines or file) > > > * I don't know the best way to actually import/include into app/ > > project - any ideas? > > > Bill > > > On Jan 21, 2:08 pm, Timothy Farrell <tfarr...@swgen.com> wrote: > > > > So the big question is...what would a plugin system look like? What > > > would you want it to control? > > > > Currently the T2 functionality is a set of Python methods that you can > > > expose and add to your app. I agree that it looks cludgy, but how can > > > it be made better? > > > > I want to keep things narrow in this discussion. So let's have an > > > example: Authentication. Let's say I have an app and I want to add > > > authentication to it (aside from Basic HTTP auth). How would a plugin > > > add this functionality to my app? > > > > -tim > > > > billf wrote: > > > > I've been away a while so I am trying to catch up with all the new > > > > stuff. I've downloaded the version in trunk and I'm trying to get my > > > > head around it all. My first (admittedly very early) impressions are: > > > > > 1) The functionality is nice but, personally, I don't see utils.py > > > > stuff as core web2py. > > > > > 2) I would prefer to see a simple, well-defined, rock-solid core and > > > > everything else as a plugin. I accept that where you draw the line is > > > > totally subjective. For example , I have no problem with a mandatory > > > > 'id' and would like to see an optional 'last_modification_timestamp' > > > > included in the core. Others want neither. I have a problem with > > > > Mail, Auth and Crud in the core. I'm sure others see no problem. > > > > > 3) Someone devise a good plugin system pleeeeeease. Or a requirements > > > > spec for one? I know; "do it yourself" :-) > > > > > 4) There is a bug in utils.py: lines 821, 833 and 849 should all refer > > > > to self.settings. not self.setting. > > > > > [BTW is it possible to override the redirect at the end of create(), > > > > update() and delete()? I couldn't.] > > > > > 5) The url format:http://..../[app]/default/database/create/[app]_event > > > > ...has got to be the least elegant way of saying "I want a form to add > > > > a record to table [app]_event" you could think of. Shouldn't the goal > > > > be:http://..../[app]/default/[app]_event ? > > > > > 6) Crud just seems a way to minimise the need to write function stubs > > > > (by enforcing action/table/id in the url) and enforcing a call to Auth > > > > if present. It's just really a pattern for a do-everything function. > > > > > 7) I think web2py is struggling to define itself. Is it: > > > > > - a powerful general-purpose framework (that could do with a little > > > > attention to its foundations)? > > > > > - a cms with a long way to go? > > > > > - some sort of app-builder app for plugins/modules with no plugin/ > > > > module api/infrastructure? > > > > > I don't think it will succeed if it tries to be more than one of the > > > > above. But maybe I'm just not aspirational enough. > > > > > Obviously, the above is mostly personal hot air but then that's what a > > > > forum's for :-) > > > > > Bill > > > > > On Jan 21, 9:46 am, mdipierro <mdipie...@cs.depaul.edu> wrote: > > > > >> yes but only so that you can test them and provide feedback. I hope to > > > >> finalize the APIs and documentations within the week. > > > > >> also I would like to change the name of the file from utils.py to > > > >> something more catchy. Any suggestion? > > > > >> Massimo > > > > >> On Jan 21, 1:33 am, David Marko <dma...@tiscali.cz> wrote: > > > > >>> These things look very nice. > > > >>> Does it mean that described changes are available in svn trunk > > > >>> version? > > > > >>> David > > > > >>> On 21 Led, 00:36, mdipierro <mdipie...@cs.depaul.edu> wrote: > > > > >>>> I have a preliminary version of inclusion if T2 functionality into > > > >>>> web2py core. I am not yet promising backward compatibility here. The > > > >>>> module name many change. For now it is in trunk as gluon/utils.py > > > > >>>> Here is how you use it (assuming [app] is you application name). > > > > >>>> 1) put this in your model > > > > >>>> from gluon.utils import * > > > >>>> auth=Auth(globals(),db) > > > >>>> auth.define_tables() > > > >>>> crud=Crud(globals(),db) > > > > >>>> 2) put this in your "default" controller > > > > >>>> def user(): return dict(form=auth()) > > > >>>> def database(): return dict(form=crud()) > > > >>>> def download(): return response.download() > > > > >>>> def index(): > > > >>>> response.flash=T('Welcome to web2py') > > > >>>> return dict(message=T('Hello World')) > > > > >>>> Now > > > >>>> visit:http://..../[app]/default/user/registerhttp://..../[app]/default/user/loginhttp://..../[app]/default/user/profilehttp://..../[app]/default/user/change_passwordhttp://..../[app]/default/user/groupshttp://..../[app]/default/user/logouthttp://..../[app]/default/user/retrieve_password > > > > >>>>http://..../[app]/default/database/tableshttp://..../[app]/default/database/select/[app]_eventhttp://..../[app]/default/database/create/[app]_eventhttp://..../[app]/default/database/read/[app]_event/1http://..../[app]/default/database/update/[app]_event/1http://..../[app]/default/database/delete/[app]_event/1 > > > > >>>> now add to the model > > > > >>>> mail=Mail() > > > >>>> mail.settings.server='smtp.whetever.com' > > > >>>> mail.settings.sender='....@whatever.com' > > > >>>> mail.settings.longin='username:password' > > > >>>> auth.settings.mail=mail > > > > >>>> so that registration requires email verification > > > > >>>> then add > > > > >>>> auth.settings.captcha=RECAPTCHA > > > >>>> (request,public_key='RECAPTCHA_PUBLIC_KEY',private_key='RECAPTCHA_PRIVATE_K > > > >>>> EY') > > > > >>>> so that registration will use recaptcha > > > > >>>> then add > > > > >>>> crud.auth=auth > > > > >>>> so that crud will enforce role based access control.... > > > > >>>> now you lost the permission to accesshttp://.../database/.... > > > > >>>> now give yourself back permission *only* to select record in table > > > >>>> [app]_user > > > > >>>> group_id=auth.add_group(role='Manager') > > > >>>> auth.add_membership(group_id,auth.user.id) > > > >>>> auth.add_permission(group_id,'select','[app]_user') > > > > >>>> or to delete users > > > > >>>> auth.add_permission(group_id,'delete','[app]_user') > > > > >>>> get the idea?.... I think I have been following (or tried to) the > > > >>>> advice of some of the members here like Yarko, Ceej, Bill, Fran, and > > > >>>> others. > > > > >>>> There is a lot more stuff in there (like decorators that enforce > > > >>>> permissions) that needs polishing and documenting. > > > > >>>> Volunteers to help? > > > > >>>> Massimo > > > > -- > > > Timothy Farrell <tfarr...@swgen.com> > > > Computer Guy > > > Statewide General Insurance Agency (www.swgen.com) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
