Question

我有一个使用formalchemy管理界面的金字塔项目。我添加了基本的ACL身份验证，即使我通过身份验证，pyramid_formalchemy插件仍然会拒绝。

有关如何仅允许经过身份验证的用户使用pyramid_formalchemy管理界面的任何想法？

授权政策是这样添加的：

authn_policy = AuthTktAuthenticationPolicy('MYhiddenSECRET', callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()

config = Configurator(
   settings=settings,
   root_factory='package.auth.RootFactory',
   authentication_policy=authn_policy,
   authorization_policy=authz_policy
)

# pyramid_formalchemy's configuration
config.include('pyramid_formalchemy')
config.include('fa.jquery')
config.formalchemy_admin('admin', package='package', view='fa.jquery.pyramid.ModelView')

Answer 1

pyramid_formalchemy使用权限'view', 'edit', 'delete', 'new'来确定谁可以做什么。 __acl__从SQLAlchemy模型对象向下传播。因此，您需要在每个模型对象上放置__acl__，以允许所需的组访问这些权限。例如，来自pyramid_formalchemy pyramidapp示例项目：

class Bar(Base):
    __tablename__ = 'bar'
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, 'bar_manager', ('view', 'new', 'edit', 'delete')),
        ]
    id = Column(Integer, primary_key=True)
    foo = Column(Unicode(255))

当然，如果您不提供__acl__，那么它将查看资源树的沿袭，直到它到达factory。默认情况下，pyramid_formalchemy定义了自己的工厂pyramid_formalchemy.resources.Models，但您可以将其子类化并为其提供__acl__，作为所有模型的全局：

from pyramid_formalchemy.resources import Models

class ModelsWithACL(Models):
    """A factory to override the default security setting"""
    __acl__ = [
            (Allow, 'admin', ALL_PERMISSIONS),
            (Allow, Authenticated, 'view'),
            (Allow, 'editor', 'edit'),
            (Allow, 'manager', ('new', 'edit', 'delete')),
        ]

config.formalchemy_admin('admin', package='package', view=..., factory=ModelsWithACL)

Pyramid和FormAlchemy管理界面

1 个答案: