TurboGears – Authorization & Authentication
A TurboGears application created with the quickstart and setup-app options of the gearbox toolkit has authorization and authentication support enabled by default. The models declared in auth.py are set up and initialized as per the values assigned in bootstrap.py.
The following models are declared in auth.py −
User Model
The User model contains the design of the tg_user table. This table is used by the repoze.who package, a powerful and extensible authentication library for WSGI applications. The structure of the User model is as follows −

```python
from datetime import datetime
from sqlalchemy import Column, Integer, Unicode, DateTime
# DeclarativeBase is provided by the project's own model package.

class User(DeclarativeBase):
    __tablename__ = 'tg_user'

    user_id = Column(Integer, autoincrement=True, primary_key=True)
    user_name = Column(Unicode(16), unique=True, nullable=False)
    email_address = Column(Unicode(255), unique=True, nullable=False)
    display_name = Column(Unicode(255))
    # Stored in the "password" column of tg_user
    _password = Column('password', Unicode(128))
    created = Column(DateTime, default=datetime.now)
```
The Group model contains the definition of the tg_group table. Its definition is given in auth.py as follows −

```python
class Group(DeclarativeBase):
    __tablename__ = 'tg_group'

    group_id = Column(Integer, autoincrement=True, primary_key=True)
    group_name = Column(Unicode(16), unique=True, nullable=False)
    display_name = Column(Unicode(255))
    created = Column(DateTime, default=datetime.now)
```
Another model, Permission, is also set up; it contains the permission definitions.

```python
class Permission(DeclarativeBase):
    __tablename__ = 'tg_permission'

    permission_id = Column(Integer, autoincrement=True, primary_key=True)
    permission_name = Column(Unicode(63), unique=True, nullable=False)
    description = Column(Unicode(255))
```
At the time of setting up models, the following data is added in these tables −
```python
# "manager" user: member of the managers group
u = model.User()
u.user_name = 'manager'
u.display_name = 'Example manager'
u.email_address = 'manager@somedomain.com'
u.password = 'managepass'
model.DBSession.add(u)

g = model.Group()
g.group_name = 'managers'
g.display_name = 'Managers Group'
g.users.append(u)
model.DBSession.add(g)

# The "manage" permission is granted to the group, not to the user directly
p = model.Permission()
p.permission_name = 'manage'
p.description = 'This permission gives an administrative right'
p.groups.append(g)
model.DBSession.add(p)

# "editor" user: belongs to no group
u1 = model.User()
u1.user_name = 'editor'
u1.display_name = 'Example editor'
u1.email_address = 'editor@somedomain.com'
u1.password = 'editpass'
model.DBSession.add(u1)
```
Predicate Model
The predicates module in tg package contains definitions for predicate checkers. A predicate is a condition that must be met for the user to be able to access the requested source. Such a predicate, or condition, may be made up of more predicates – those are called compound predicates. Action controllers, or controllers, may have only one predicate, be it single or compound.
If a user is not logged in, or does not have the proper permissions, this predicate checker throws a 401 (HTTP Unauthorized), which is caught by the repoze.who middleware. The middleware displays the login page so that the user can log in, and redirects the user back to the proper page when they are done.
The different conditions or predicates defined in tg.predicates module are −
Sr.No. | Predicate (tg.predicates) | Description |
---|---|---|
1 | All | Check if all of the specified predicates are met |
2 | Any | Check if at least one of the specified predicates is met |
3 | is_user | Check that the authenticated user's username is the specified one |
4 | in_group | Check that the user belongs to the specific group |
5 | in_all_groups | Check that the user belongs to all of the specified groups |
6 | in_any_group | Check that the user belongs to at least one of the specified groups |
7 | is_anonymous | Check that the current user is anonymous |
8 | has_permission | Check that the current user has the specified permission |
9 | has_all_permissions | Check that the current user has been granted all of the specified permissions |
10 | has_any_permission | Check that the user has at least one of the specified permissions |
For example, if you want a predicate that grants access to users belonging to the customers group, you can use the following built-in predicate checker −

```python
from tg.predicates import in_group

p = in_group('customers')
```
The following predicate checker will grant access to ‘root’ user or anybody with ‘manage’ permission −
```python
from tg.predicates import Any, is_user, has_permission

p = Any(is_user('root'), has_permission('manage'),
        msg='Only administrators can remove blog posts')
```
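The access matrix below is an added example, not code from TurboGears or from the original page: it models how the compound predicate above evaluates against the users, group and permission seeded by bootstrap.py. The functions are simplified stand-ins named after the tg.predicates checkers, and the credential dictionary layout and the `access_report` helper are assumptions made for illustration.

```python
# Added illustration: simplified stand-ins named after the tg.predicates
# checkers; this is NOT TurboGears code, and the credential layout is assumed.

# Constructed from the bootstrap data above: a permission is attached to a
# group, and a user holds it only through membership of that group.
GROUP_MEMBERS = {"managers": {"manager"}}
PERMISSION_GROUPS = {"manage": {"managers"}}


def credentials_for(user_name):
    """Resolve groups and permissions for a user name (None = anonymous)."""
    if user_name is None:
        return {"userid": None, "groups": set(), "permissions": set()}
    groups = {g for g, members in GROUP_MEMBERS.items() if user_name in members}
    perms = {p for p, gs in PERMISSION_GROUPS.items() if gs & groups}
    return {"userid": user_name, "groups": groups, "permissions": perms}


# Each checker returns a function: credentials -> bool.
def is_user(name):
    return lambda c: c["userid"] == name

def in_group(group):
    return lambda c: group in c["groups"]

def has_permission(perm):
    return lambda c: perm in c["permissions"]

def All(*preds):
    return lambda c: all(p(c) for p in preds)

def Any(*preds):
    return lambda c: any(p(c) for p in preds)


def access_report(predicate, users=("manager", "editor", "root", None)):
    """Return {user: allowed} so a policy can be reviewed per account."""
    return {u: predicate(credentials_for(u)) for u in users}


if __name__ == "__main__":
    # Same policy as the Any(...) example above.
    policy = Any(is_user("root"), has_permission("manage"))
    for user, allowed in access_report(policy).items():
        print(user or "<anonymous>", "allowed" if allowed else "denied")
```

The report shows that `editor` is denied because it belongs to no group, while any account named `root` passes on its username alone, without holding the `manage` permission.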