<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:py="http://genshi.edgewall.org/"
      xmlns:xi="http://www.w3.org/2001/XInclude">

  <xi:include href="master.html" />

<head>
  <meta content="text/html; charset=UTF-8" http-equiv="content-type" py:replace="''" />
  <title>Learning TurboGears 2.0: Quick guide to authentication.</title>
</head>

<body>
  ${sidebar_top()}
  ${sidebar_bottom()}
  <div id="getting_started">
    <h2>Authentication &amp; Authorization in a TG2 site.</h2>
    <p>If you have access to this page, this means you have enabled
    authentication and authorization in the quickstart to create your
    project.</p>
    <p>The paster command will have created a few specific controllers
    for you. But before you go to play with those controllers you'll need to
    make sure your application has been properly bootstrapped. This is dead
    easy; just run:</p>
    <span class="code"> paster setup-app development.ini </span>
    <p>inside your application's folder and you'll get a database set up
    (using the preferences you have set in your development.ini file). This
    database will also have been prepopulated with some default
    logins/passwords so that you can test the secured controllers and
    methods.</p>
    <p>To change the behavior of this setup-app command you just
    need to edit the <span class="code">websetup.py</span> file.</p>
    <p>Now try visiting the <a
    href="${tg.url('/manage_permission_only')}">manage_permission_only</a>
    URL. You will be challenged with a login/password form.</p>
    <p>Only managers are authorized to visit this method. You will need
    to log in using:
    <p><span class="code"> login: manager </span></p>
    <p><span class="code"> password: managepass </span></p>
    </p>
    <p>Another protected resource is <a
    href="${tg.url('/editor_user_only')}">editor_user_only</a>. This one is
    protected by a different set of permissions. You will need to be <span
    class="code">editor</span> with a password of <span class="code">editpass</span>
    to be able to access it.</p>
    <p>The last kind of protected resource in this quickstarted app is a
    full so-called <a href="${tg.url('/secc')}">secure controller</a>. This
    controller is protected globally. Instead of having a @require decorator
    on each method, we have set an allow_only attribute at the class level.
    All the methods in this controller will require the same level of
    access. You need to be manager to access <a href="${tg.url('/secc')}">secc</a>
    or <a href="${tg.url('/secc/some_where')}">secc/some_where</a>.</p>
  </div>
</body>
</html>