close
Warning:
Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.
- Timestamp:
-
Aug 6, 2008, 8:42:55 PM (16 years ago)
- Author:
-
cmlenz
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v7
|
v8
|
|
| 28 | 28 | |
| 29 | 29 | The current branch defines an `AuthMixIn` class that auth-enabled applications are supposed to subclass. It adds a couple of method stubs to the `Application` class, and contributes a [wiki:RequestFilters request filter] that performs authentication. |
| | 30 | |
| | 31 | A concrete application would inherit from `AuthMixIn` in addition to being derived from [wiki:ApplicationObject Application], and would probably want to implement two methods for handling the domain-specific details of identifying users and controlling their access to certain actions and/or resources. For example: |
| | 32 | |
| | 33 | {{{ |
| | 34 | #!python |
| | 35 | class MyApp(Application, AuthMixIn): |
| | 36 | ... |
| | 37 | |
| | 38 | def authenticate(self, username, password=None): |
| | 39 | return User.find(name=username) |
| | 40 | |
| | 41 | def is_authorized(self, principal, action=None, resource=None): |
| | 42 | if action: |
| | 43 | return action in principal.permissions |
| | 44 | return True |
| | 45 | }}} |
| 30 | 46 | |
| 31 | 47 | === Filters Refactoring === |
