I really have little idea how ACL do work. I know it's pretty cool and could save me lots of time and pain. But currently i'm a bit lost. All example for pyramid do use traversal. I exclusively use URL Dispatch. I'm not sure to understand how I can build a ressource tree structure.
Here is a sample of code:
class QuestionFactory(object):
def __init__(self, request):
self.__acl__ = default[:]
self.uid = authenticated_userid(request)
self.qid = request.matchdict.get('id')
if self.qid:
self.question = request.db.questions.find_one({'_id': ObjectId(self.qid)})
if str(self.question.get('owner')) == self.uid:
self.__acl__.append((Allow, userid, 'view'))
The thing is that, it works. But I do have to define a new factory for every type of ressource. I'm not certain how I'm supposed to know which ressource I'm trying to access trough URL Dispatch and Factory. I'd see something like that
/accounts/{account} //Owners only but viewable by anyone
/messages/{message} //Owners only
/configs/{config} //Admin only
/pages/{page} //Admins only but viewable by anyone
That said here I'd have such structure
Root -\
+-- account
+-- message
+-- config
+-- page
Each of these factory has it's own special acl. The other thing is that /accounts is the main page. It doesn't have an id or anything. Also /accounts/new is also a special case. It's not an id but the view to create a new item.
I'm using a restful style with GET/PUT/DELETE/POST requirement. I'm not so sure how I'm supposed to match url to a ressource and to the right acl automatically. If I define in my root a special factory like above there is no problems.
edit
I did got it to work with the exception of some things. I finally think I understand what is the purpose of traverse. For example with we have that url: /comments/9494f0eda/new, /comments/{comment}/new
We could have to Node in our ressource tree or even 3 nodes.
The RootFactory will get inspected first, then according to our traversal. It will get the comments attribute of RootFactory, then "comment" of Comment factory and "new" of CommentFactory or of the Object itself
I don't use Factory as dict as in the example of Michael
It looks pretty much like that:
class RessourceFactory(object):
def __init__(self, parent, name):
self.__acl__ = []
self.__name__ = name
self.__parent__ = parent
self.uid = parent.uid
self.locale = parent.locale
self.db = parent.db
self.req = parent.req
This is my base ressource object. On every steps it copies information from the parent to the new child.. I could certainly bubble up my attribute.. context.parent._parent_.uid but that is just not that great.
The reason why I'm not using the dict attribute. I add to make it works with
/comments
For some reasons, it did create my CommentFactory but didn't return it as there wasn't need for a key.
So my root Factory pretty much look like this:
class RootFactory(object):
def __init__(self, request):
self.__acl__ = default[:]
self.req = request
self.db = request.db
self.uid = authenticated_userid(request)
self.locale = request.params.get('locale', 'en')
def __getitem__(self, key):
if key == 'questions':
return QuestionFactory(self, 'questions')
elif key == 'pages':
return PageFactory(self, 'pages')
elif key == 'configs':
return ConfigFactory(self, 'configs')
elif key == 'accounts':
return AccountFactory(self, 'accounts')
return self
if no item is found, RootFactory return itself if not, it return a new Factory. Since I base my code on Michael's code there is a second parameter for Factory constructor. I'm not certain to keep it as a QuestionFactory is well aware to handle "questions" so there is no need to name the factory here. It should already know its name.
class QuestionFactory(RessourceFactory):
def __init__(self, parent, name):
RessourceFactory.__init__(self, parent, name)
self.__acl__.append((Allow, 'g:admin', 'view'))
self.__acl__.append((Allow, 'g:admin', 'edit'))
self.__acl__.append((Allow, 'g:admin', 'create'))
self.__acl__.append((Allow, 'g:admin', 'delete'))
self.__acl__.append((Allow, Everyone, 'create'))
def __getitem__(self, key):
if key=='read':
return self
self.qid = key
self.question = self.db.questions.find_one({'_id': ObjectId(self.qid)})
if str(self.question.get('owner')) == self.uid:
log.info('Allowd user %s' % self.uid)
self.__acl__.append((Allow, self.uid, 'view'))
self.__acl__.append((Allow, self.uid, 'edit'))
self.__acl__.append((Allow, self.uid, 'delete'))
return self
So that is where almost all logic will go. In the init I set acl that will work for /questions in the getitem it will work for /questions/{id}/*
Since I return itself, any getitem past this RessourceFactory will point to itself unless I return a new Factory for some special case. The reason why doing so is that my context isn't just an object in database or an object.
My context handles multiple things like user id, locale and so on... when the acl is done, I have a fresh context object ready to use. It removes most of the logic in the views.
I could probably set events to query locale and uid but it really fits here. If I need anything new, I just have to edit my RootFactory and RessourceFactory to copy them to child factory.
That way if something has to change accross all views, there is no redundancy at all.
It looks like you're interested in some object/row-level security features to allow only owners of accounts to view their data. I would refer you to my previous SO answer on this topic, as well as the tutorial I've been working on for auth in URL Dispatch which is built around this answer. Specifically you might want to look at the 2.object_security
demo in the linked github project as well as the docs explaining resource trees as part of the rendered html on my site.
Pyramid authorization for stored items
https://github.com/mmerickel/pyramid_auth_demo
http://michael.merickel.org/projects/pyramid_auth_demo/
If you have any questions understanding those resources I'd be happy to elaborate further here.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With