On 28/02/2011 15:13, Chris McDonough wrote:
> The distinction is useful when folks want to closely control user
> checking for performance reasons, ala
> http://docs.pylonsproject.org/projects/pyramid_cookbook/dev/authentication.html
> .

I actually read that before I posted, and I just don't get it :-S

> That said, if we had it to do all over again, it would be different.
> See http://plope.com/pyramid_auth_design_api_postmortem

Why the desire not to correct these mistakes, say, for Pyramid 1.1 or 1.2?

Also, why not just:

from zope.interface import Interface  # interface base class


class IIdentityPolicy(Interface):
    """ An object representing a Pyramid identity policy. """
    def identify(request):
        """
        Return the claimed identity of the user associated with
        the request or ``None`` if no identity can be found
        associated with the request.
        """


class IAuthorizationPolicy(Interface):
    """ An object representing a Pyramid authorization policy. """
    def permits(context, identity, permission):
        """
        Return True if the identity is allowed the permission
        in the current context, else return False"""

Anything more is specific to the implementation of a particular policy,
including remember and forget, which seem heavily focussed on cookie
auth that some of us hardly ever use (REMOTE_USER for things like NTLM
and simple HTTP basic auth the rest of the time).

Surely it's a real risk that these mistakes are left in place and the
frameworks built on top of Pyramid end up having to guess and make their
own decisions and, before you know it, we're back with Zope 2's auth
stuff ;-)

cheers,
Chris
--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
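
Added example (not part of the original message, and not Pyramid's own code): a plain-Python sketch of the two-method split proposed above, with a REMOTE_USER identity policy and a default-deny ACL authorization policy. The class names, the ACL tuple layout and the sample users are assumptions made for illustration.

```python
# Added sketch of the proposed identify()/permits() split.
# All names and sample data here are hypothetical, not Pyramid APIs.

class RemoteUserIdentityPolicy:
    """identify(): return the claimed identity, or None."""

    def identify(self, request):
        # Read only REMOTE_USER, which the web server or auth middleware
        # sets. A client-supplied "Remote-User" header shows up in WSGI as
        # HTTP_REMOTE_USER and must never be accepted as an identity.
        user = request.environ.get("REMOTE_USER")
        return user or None  # empty string counts as "no identity"


class ACLAuthorizationPolicy:
    """permits(): default-deny lookup in the context's ACL."""

    def permits(self, context, identity, permission):
        if identity is None:
            return False  # no identity, no permission
        for action, principal, perms in getattr(context, "__acl__", ()):
            if principal == identity and permission in perms:
                return action == "Allow"  # first matching entry wins
        return False  # nothing matched: deny


class Request:
    """Minimal stand-in for a request object (constructed for the example)."""

    def __init__(self, environ):
        self.environ = environ


class Document:
    """Constructed sample context; ACL layout is an assumption."""

    __acl__ = [
        ("Deny", "bob", {"edit"}),
        ("Allow", "alice", {"view", "edit"}),
        ("Allow", "bob", {"view", "edit"}),
    ]


def check(environ, permission, context=None):
    """Run both policies in sequence for one request."""
    identity = RemoteUserIdentityPolicy().identify(Request(environ))
    target = context if context is not None else Document()
    return ACLAuthorizationPolicy().permits(target, identity, permission)
```

Neither policy needs remember or forget here, because the identity arrives with every request from the server environment.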