5

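I have a Pyramid project that uses the formalchemy admin interface. I added basic ACL authentication, and the pyramid_formalchemy plugin always denies access even though I am authenticated.

Any thoughts on how to allow only authenticated users to use the pyramid_formalchemy admin interface?

The authorization policy was added like this: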

authn_policy = AuthTktAuthenticationPolicy('MYhiddenSECRET', callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()

config = Configurator(
   settings=settings,
   root_factory='package.auth.RootFactory',
   authentication_policy=authn_policy,
   authorization_policy=authz_policy
)

# Configuration for pyramid_formalchemy
config.include('pyramid_formalchemy')
config.include('fa.jquery')
config.formalchemy_admin('admin', package='package', view='fa.jquery.pyramid.ModelView')
4

1 Answer

11

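pyramid_formalchemy uses the permissions 'view', 'edit', 'delete', 'new' to determine who can do what. The __acl__ is propagated down from your SQLAlchemy model object. Thus, you need to put an __acl__ on each of your model objects that allows your desired groups access to those permissions. For example, from the pyramid_formalchemy pyramidapp example project: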

class Bar(Base):
    __tablename__ = 'bar'
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, 'bar_manager', ('view', 'new', 'edit', 'delete')),
        ]
    id = Column(Integer, primary_key=True)
    foo = Column(Unicode(255))

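Of course, if you do not supply an __acl__, then it will look in the lineage of the resource tree until it hits the factory. By default, pyramid_formalchemy defines its own factory, pyramid_formalchemy.resources.Models; however, you can subclass this and provide an __acl__ for it, as a global for all of your models:

from pyramid.security import Allow, Authenticated, ALL_PERMISSIONS
from pyramid_formalchemy.resources import Models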

class ModelsWithACL(Models):
    """A factory to override the default security setting"""
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, Authenticated, 'view'),
            (Allow, 'editor', 'edit'),
            (Allow, 'manager', ('new', 'edit', 'delete')),
        ]

config.formalchemy_admin('admin', package='package', view=..., factory=ModelsWithACL)
answered 2011-04-15T15:13:42.360
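
The lineage lookup described in the answer, as an added example that is not part of the original answer or of pyramid_formalchemy: a stdlib-only, simplified model of how an ACL policy resolves a permission against the factory-level ACL shown above. `Resource`, `permits`, `principals_for` and the sample users are hypothetical stand-ins; the constants only mimic the `pyramid.security` names.

```python
# Simplified model of ACL resolution over a resource lineage (assumption:
# first matching ACE wins, default deny). Not Pyramid's own code.
Allow, Deny = "Allow", "Deny"
Everyone, Authenticated = "system.Everyone", "system.Authenticated"

class _AllPermissions:
    """Stand-in for ALL_PERMISSIONS: contains every permission name."""
    def __contains__(self, permission):
        return True

ALL_PERMISSIONS = _AllPermissions()

class Resource:
    """Constructed stand-in for a node in the admin resource tree."""
    def __init__(self, name, parent=None, acl=None):
        self.__name__, self.__parent__ = name, parent
        if acl is not None:
            self.__acl__ = acl

def permits(context, principals, permission):
    """Walk context -> __parent__; the first ACE matching both a held
    principal and the permission decides. No match anywhere means deny."""
    node = context
    while node is not None:
        for action, principal, perms in getattr(node, "__acl__", ()):
            if isinstance(perms, str):
                perms = (perms,)
            if principal in principals and permission in perms:
                return action == Allow
        node = getattr(node, "__parent__", None)
    return False

# Factory-level ACL from the answer; it covers every model beneath it.
factory = Resource("admin", acl=[
    (Allow, "admin", ALL_PERMISSIONS),
    (Allow, Authenticated, "view"),
    (Allow, "editor", "edit"),
    (Allow, "manager", ("new", "edit", "delete")),
])
foo = Resource("Foo", parent=factory)               # model without its own __acl__
orphan = Resource("Foo", parent=Resource("admin"))  # no __acl__ in the lineage

def principals_for(userid, groups):
    """Principals of a logged-in user whose group callback returned `groups`."""
    return [Everyone, Authenticated, userid] + list(groups)

if __name__ == "__main__":
    for perm in ("view", "edit", "new", "delete"):
        print(perm, permits(foo, principals_for("alice", []), perm),
              permits(foo, principals_for("bob", ["editor"]), perm))
```

The `orphan` case reproduces the symptom in the question: a logged-in user is still denied when nothing in the lineage grants the permission to one of their principals.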