On Mon, 2011-02-28 at 18:02 +0000, Chris Withers wrote:
> On 28/02/2011 15:13, Chris McDonough wrote:
> > The distinction is useful when folks want to closely control user
> > checking for performance reasons, ala
> > http://docs.pylonsproject.org/projects/pyramid_cookbook/dev/authentication.html
> >  .
> 
> I actually read that before I posted, and I just don't get it :-S
> 
> > That said, if we had it to do all over again, it would be different.
> > See http://plope.com/pyramid_auth_design_api_postmortem
> 
> Why the desire not to correct these mistakes, say, for Pyramid 1.1 or 1.2?
> 
> Also, why not just:
> 
>    class IIdentityPolicy(Interface):
>        """ An object representing a Pyramid identity policy. """
>        def identify(request):
>            """
>            Return the claimed identity of the user associated with
>            the request or ``None`` if no identity can be found
>            associated with the request.
>            """
> 
>    class IAuthorizationPolicy(Interface):
>        """ An object representing a Pyramid authorization policy. """
>        def permits(context, identity, permission):
>            """
>            Return True if the identity is allowed the permission
>            in the current context, else return False"""
> 
> Anything more is specific to the implementation of a particular policy, 
> including remember and forget, which seem heavily focussed on cookie 
> auth that some of us hardly ever use (REMOTE_USER for things like NTLM 
> and simple http basic auth the rest of the time)
> 
> Surely it's a real risk that these mistakes are left in place and the 
> frameworks built on top of Pyramid end up having to guess and make their 
> own decisions and, before you know it, we're back with Zope 2's auth 
> stuff ;-)

Don't have the time to analyze this very deeply beyond what I did in the
blog post, sorry.

There's no easy way to do this and still preserve bw compat.  So it's a
bit of a job, if it gets done at all.

That said, I don't think it's really that dire.  It's a minor flaw and
it doesn't really prevent anyone from getting things done.

- C
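
The two-method split proposed in the quoted message, as an added Python sketch that is not part of the thread and not Pyramid's own code. Plain classes stand in for the `Interface` declarations; the class names, the `check` helper, the sample ACL and the default-deny behaviour are assumptions made for illustration.

```python
# Added sketch: identify() and permits() as two independent policies.
# Every name except identify/permits is hypothetical.
ALLOW, DENY = "Allow", "Deny"


class RemoteUserIdentityPolicy:
    """identify(): the claimed identity, taken from the server-set REMOTE_USER."""

    def identify(self, request):
        # Read only the WSGI environ key the server fills in after NTLM or
        # basic auth. A client-sent "Remote-User" header would arrive as
        # HTTP_REMOTE_USER and is deliberately ignored.
        user = request.environ.get("REMOTE_USER")
        return user or None


class ACLAuthorizationPolicy:
    """permits(): first matching ACL entry on the context wins; default deny."""

    def permits(self, context, identity, permission):
        if identity is None:
            return False
        for action, who, perms in getattr(context, "__acl__", ()):
            if who == identity and permission in perms:
                return action == ALLOW
        return False


class FakeRequest:
    """Constructed stand-in for a framework request object."""
    def __init__(self, environ):
        self.environ = environ


class Page:
    """Constructed sample context carrying an ACL."""
    __acl__ = [
        (DENY, "mallory", ("edit",)),
        (ALLOW, "alice", ("view", "edit")),
        (ALLOW, "mallory", ("view", "edit")),
    ]


def check(environ, permission, context=None):
    """Run identify() then permits() for one request, as a framework would."""
    identity = RemoteUserIdentityPolicy().identify(FakeRequest(environ))
    return ACLAuthorizationPolicy().permits(context or Page(), identity, permission)
```

Neither policy needs `remember` or `forget` here, because the identity arrives with every request from the front-end authentication layer.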

