Authorization¶
| state: | alpha |
|---|---|
| dependencies: | Doqu, repoze.who, repoze.what |
This bundle integrates Tool with repoze.what, a powerful and configurable authorization framework.
Object-level (“row-level”) permissions are not supported neither by this bundle nor by repoze.what itself, nor by any known related project. Please drop me a message if you have an idea on how to implement this feature.
Basic usage example:
from tool.ext.what import require, is_admin
@require(is_admin())
def some_secret_view(request):
return u'Secret text!'
API reference¶
- class tool.ext.what.predicates.is_admin(msg=None)¶
Ensures that given account has the is_admin flag set. Asserts that Authentication and identification is configured correctly.
To get this work you need to have at least one admin user:
$ ./manage.py shell >>> from tool.ext.who import User >>> user = User.objects(db)[0] # make sure it's you ;-) >>> user.is_admin = True >>> user.save()
Okay, that’s enough to let you in through the protected views.
- tool.ext.what.RepozeWhatAdapterMiddleware(app)¶
Add authentication and authorization middleware to the app.
Parameter: app – The WSGI application. Returns: The same WSGI application, with authentication and authorization middleware. People will login using HTTP Authentication and their credentials are kept in an Htpasswd file. For authorization through repoze.what, we load our groups stored in an Htgroups file and our permissions stored in an .ini file.
- tool.ext.what.setup_auth(sender, **kwargs)¶
- Wraps the WSGI application into the repoze.what middleware. Sets up a sensible default configuration for repoze.who middleware. Called automatically when the application manager is ready.