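def add_auth_middleware(self, app, skip_authentication):
    """
    Configure authentication and authorization.

    Builds the keyword arguments for ``setup_sql_auth`` from
    ``self.sa_auth`` and wraps ``app`` with the resulting middleware.

    :param app: The TG2 application.
    :param skip_authentication: Should authentication be skipped if
        explicitly requested? (used by repoze.who-testutil)
    :type skip_authentication: bool
    :return: The application wrapped by the authentication middleware.
    :raises ConfigurationError: If authentication is not skipped and
        ``sa_auth`` has no non-empty ``cookie_secret``.

    """
    from repoze.what.plugins.quickstart import setup_sql_auth
    from repoze.what.plugins.pylonshq import booleanize_predicates

    # Make repoze.what predicates evaluate themselves when used as booleans.
    booleanize_predicates()

    # Configuring auth logging (note: this writes the default logger back
    # into the shared ``self.sa_auth`` mapping, not only into the copy).
    if 'log_stream' not in self.sa_auth:
        self.sa_auth['log_stream'] = logging.getLogger('auth')

    # Removing keywords not used by repoze.who:
    auth_args = copy(self.sa_auth)
    if 'password_encryption_method' in auth_args:
        del auth_args['password_encryption_method']

    if not skip_authentication:
        # Require an explicit, non-empty secret: a key that is present but
        # blank would pass a bare membership test and still be forwarded.
        # NOTE(review): presumably this value signs the auth cookie, so it
        # should be a long random string kept out of version control -
        # confirm against the cookie plugin in use.
        if 'cookie_secret' not in auth_args or not auth_args['cookie_secret']:
            msg = ("base_config.sa_auth.cookie_secret is required "
                   "you must define it in app_cfg.py or set "
                   "sa_auth.cookie_secret in development.ini")
            raise ConfigurationError(message=msg)

    # skip_authentication is forwarded unchanged; per the docstring it exists
    # for repoze.who-testutil and bypasses the secret check above.
    app = setup_sql_auth(app, skip_authentication=skip_authentication,
                         **auth_args)
    return app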
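def add_auth_middleware(self, app, skip_authentication):
    """
    Configure authentication and authorization.

    Builds the keyword arguments for ``setup_sql_auth`` from
    ``self.sa_auth``, overlays any ``sa_auth`` entries found in the
    runtime ``config``, and wraps ``app`` with the resulting middleware.

    :param app: The TG2 application.
    :param skip_authentication: Should authentication be skipped if
        explicitly requested? (used by repoze.who-testutil)
    :type skip_authentication: bool
    :return: The application wrapped by the authentication middleware.
    :raises TGConfigError: If authentication is not skipped and the merged
        settings have no non-empty ``cookie_secret``.

    """
    from repoze.what.plugins.quickstart import setup_sql_auth
    from repoze.what.plugins.pylonshq import booleanize_predicates

    # Make repoze.what predicates evaluate themselves when used as booleans.
    booleanize_predicates()

    # Configuring auth logging (note: this writes the default logger back
    # into the shared ``self.sa_auth`` mapping, not only into the copy).
    if 'log_stream' not in self.sa_auth:
        self.sa_auth['log_stream'] = logging.getLogger('auth')

    # Removing keywords not used by repoze.who:
    auth_args = copy(self.sa_auth)
    if 'sa_auth' in config:
        # Values from the runtime config win over those set in app_cfg.py,
        # so a deployment can override (or blank out) the secret there.
        auth_args.update(config.sa_auth)
    if 'password_encryption_method' in auth_args:
        del auth_args['password_encryption_method']

    if not skip_authentication:
        # Require an explicit, non-empty secret after the merge: a key that
        # is present but blank would pass a bare membership test.
        # NOTE(review): presumably this value signs the auth cookie, so it
        # should be a long random string kept out of version control -
        # confirm against the cookie plugin in use.
        if 'cookie_secret' not in auth_args or not auth_args['cookie_secret']:
            msg = ("base_config.sa_auth.cookie_secret is required "
                   "you must define it in app_cfg.py or set "
                   "sa_auth.cookie_secret in development.ini")
            raise TGConfigError(msg)

    # skip_authentication is forwarded unchanged; per the docstring it exists
    # for repoze.who-testutil and bypasses the secret check above.
    app = setup_sql_auth(app, skip_authentication=skip_authentication,
                         **auth_args)
    return app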
#   * "sections" (default: "permissions"): The permissions granted to a given
#     group.
#   * "item_name" (default: "group_name"): The name of the table field that
#     contains the primary key in the groups table.
#   * "items" (default: "groups"): The groups that are granted a given
#     permission.

# Column names used by this model in place of the adapter defaults.
group_translations = {
    'section_name': 'id',
    'item_name': 'email'
}
permission_translations = {
    'section_name': 'name',
    'item_name': 'id'
}
adapters = configure_sql_adapters(
    User, Group, Permission, DBSession,
    group_translations=group_translations,
    permission_translations=permission_translations)

user = SQLAlchemyUserMDPlugin(User, DBSession)
# We get metadata based on the user id, the only attribute a user is
# guaranteed to have regardless of the authentication method they use
# (Form, Facebook, Twitter).
# NOTE(review): the translation below points at the 'email' column, not an
# id column - confirm which is intended. If accounts from several login
# methods are matched on it, the column should be unique and verified.
user.translations['user_name'] = 'email'

# Authorization metadata provider fed by the SQL group/permission adapters.
group_sources = {'sqlauth': adapters['group']}
permission_sources = {'sqlauth': adapters['permission']}
group = AuthorizationMetadata(group_sources, permission_sources)

# THIS IS CRITICALLY IMPORTANT! Without this your site will
# consider every repoze.what predicate True! Any authorization check
# written as a plain boolean test on a predicate depends on this call,
# so it must not be removed or made conditional.
booleanize_predicates()
#   * "items" (default: "users"): The users that belong to a given group.
# * Permission source adapter:
#   * "section_name" (default: "permission_name"): The name of the table field
#     that contains the primary key in the permissions table.
#   * "sections" (default: "permissions"): The permissions granted to a given
#     group.
#   * "item_name" (default: "group_name"): The name of the table field that
#     contains the primary key in the groups table.
#   * "items" (default: "groups"): The groups that are granted a given
#     permission.

# Example of overriding the default field names (left disabled):
#adapters = configure_sql_adapters(User, Group, Permission, meta.Session,
#                                  group_translations={'section_name': 'name',
#                                                      'item_name': 'username'},
#                                  permission_translations={'section_name': 'name',
#                                                           'item_name': 'username'})

# The adapters are built with the default field names described above.
adapters = configure_sql_adapters(User, Group, Permission, meta.Session)

user = SQLAlchemyUserMDPlugin(User, meta.Session)
#user.translations['user_name'] = 'username'

# Authorization metadata provider fed by the SQL group/permission adapters.
group_sources = {'sqlauth': adapters['group']}
permission_sources = {'sqlauth': adapters['permission']}
group = AuthorizationMetadata(group_sources, permission_sources)

# THIS IS CRITICALLY IMPORTANT! Without this your site will
# consider every repoze.what predicate True! Any authorization check
# written as a plain boolean test on a predicate depends on this call,
# so it must not be removed or made conditional.
booleanize_predicates()