| 172 |
ashish |
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
    xmlns:py="http://genshi.edgewall.org/"
    xmlns:xi="http://www.w3.org/2001/XInclude">

<xi:include href="master.html" />

<head>
<meta content="text/html; charset=UTF-8" http-equiv="content-type"
    py:replace="''" />
<title>Learning TurboGears 2.0: Quick guide to authentication.</title>
</head>

<body>
${sidebar_top()} ${sidebar_bottom()}
<div id="getting_started">
<h2>Authentication &amp; Authorization in a TG2 site.</h2>
<p>If you have access to this page, it means you enabled
authentication and authorization in the quickstart when you created your
project.</p>
<p>The paster command will have created a few specific controllers
for you. But before you play with those controllers, you'll need to
make sure your application has been properly bootstrapped. This is dead
easy: just run</p>

<span class="code"> paster setup-app development.ini </span>

<p>inside your application's folder, and you'll get a database set up
(using the preferences you have set in your development.ini file). This
database will also have been prepopulated with some default
logins/passwords so that you can test the secured controllers and
methods.</p>
<p>To change the behaviour of this setup-app command, you just
need to edit the <span class="code">websetup.py</span> file.</p>
<p>Now try visiting the <a
    href="${tg.url('/manage_permission_only')}">manage_permission_only</a>
URL. You will be challenged with a login/password form.</p>
<p>Only managers are authorized to visit this method. You will need
to log in using:</p>
<p><span class="code"> login: manager </span></p>
<p><span class="code"> password: managepass </span></p>
<p>Another protected resource is <a
    href="${tg.url('/editor_user_only')}">editor_user_only</a>. This one is
protected by a different set of permissions. You will need to log in as <span
    class="code">editor</span> with a password of <span class="code">editpass</span>
to be able to access it.</p>
<p>The last kind of protected resource in this quickstarted app is a
full, so-called <a href="${tg.url('/secc')}">secure controller</a>. This
controller is protected globally. Instead of having a @require decorator
on each method, we have set an allow_only attribute at the class level.
All the methods in this controller will require the same level of
access. You need to be manager to access <a href="${tg.url('/secc')}">secc</a>
or <a href="${tg.url('/secc/some_where')}">secc/some_where</a>.</p>
</div>
</body>
</html>
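
The template above says setup-app seeds the database with known default logins (manager/managepass, editor/editpass). The following check is an added example, not part of the TurboGears quickstart: it lists accounts that still accept one of those passwords before a deployment. The table and column names (tg_user, user_name, password) and the stored format (40 hex characters of salt followed by SHA-1 of password plus salt) are assumptions; adapt them to your project's model.

```python
import hashlib
import hmac
import os
import sqlite3

# Default passwords this page says setup-app seeds (manager / editor).
DEFAULT_PASSWORDS = ("managepass", "editpass")


def hash_password(password, salt_hex=None):
    """Assumed format: 40 hex chars of salt, then SHA-1(password + salt)."""
    if salt_hex is None:
        salt_hex = hashlib.sha1(os.urandom(60)).hexdigest()
    digest = hashlib.sha1((password + salt_hex).encode("utf-8")).hexdigest()
    return salt_hex + digest


def matches(stored, candidate):
    """True if `candidate` is the password behind the stored value."""
    if not isinstance(stored, str) or len(stored) != 80:
        return False  # not in the assumed format, so it cannot be checked here
    expected = hash_password(candidate, stored[:40])
    return hmac.compare_digest(stored.encode("utf-8"), expected.encode("utf-8"))


def find_default_accounts(conn):
    """Return every login whose password is still one of the seeded defaults."""
    rows = conn.execute("SELECT user_name, password FROM tg_user")  # assumed schema
    return sorted(name for name, stored in rows
                  if any(matches(stored, pw) for pw in DEFAULT_PASSWORDS))


def build_sample_db():
    """Constructed sample data, not output from a real application."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tg_user (user_name TEXT, password TEXT)")
    conn.executemany("INSERT INTO tg_user VALUES (?, ?)", [
        ("manager", hash_password("a-long-rotated-passphrase")),  # rotated
        ("editor", hash_password("editpass")),                    # seeded default
        ("backup_admin", hash_password("managepass")),            # renamed, same default
        ("legacy", None),                                         # no password set
    ])
    return conn


if __name__ == "__main__":
    leftover = find_default_accounts(build_sample_db())
    print("accounts still using a seeded default password:", leftover or "none")
```

Every account is tested against every seeded password, so a renamed account that kept a default is reported as well.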