2011-04-15 83 views
5

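I have a Pyramid project that uses the FormAlchemy admin interface. I added basic ACL authentication, and the pyramid_formalchemy plugin always denies access, even when I am authenticated.

Pyramid and FormAlchemy admin interface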

Any ideas on how to allow only authenticated users to use the pyramid_formalchemy admin interface?

The authorization policy is added like this:

 
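from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
from pyramid.config import Configurator

# groupfinder maps a userid to the list of group principals used in the ACLs
authn_policy = AuthTktAuthenticationPolicy('MYhiddenSECRET', callback=groupfinder)
authz_policy = ACLAuthorizationPolicy()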

config = Configurator(
    settings=settings, 
    root_factory='package.auth.RootFactory', 
    authentication_policy=authn_policy, 
    authorization_policy=authz_policy 
) 

# pyramid_formalchemy's configuration 
config.include('pyramid_formalchemy') 
config.include('fa.jquery') 
config.formalchemy_admin('admin', package='package', view='fa.jquery.pyramid.ModelView') 

Answer

11

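pyramid_formalchemy uses the permissions 'view', 'edit', 'delete', 'new' to determine who can do what. The __acl__ is propagated down from your SQLAlchemy model object. Thus, you need to put an __acl__ on each of your model objects allowing the desired groups access to those permissions. For example, from the pyramid_formalchemy pyramidapp example project: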

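from pyramid.security import Allow, ALL_PERMISSIONS
from sqlalchemy import Column, Integer, Unicode

# Base is the project's SQLAlchemy declarative base
class Bar(Base):
    __tablename__ = 'bar'
    # per-model ACL: principals and the permissions they are granted
    __acl__ = [
        (Allow, 'admin', ALL_PERMISSIONS),
        (Allow, 'bar_manager', ('view', 'new', 'edit', 'delete')),
    ]
    id = Column(Integer, primary_key=True)
    foo = Column(Unicode(255))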

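Of course, if you do not supply an __acl__, then it will look in the lineage of the resource tree until it hits the factory. By default, pyramid_formalchemy defines its own factory, pyramid_formalchemy.resources.Models, but you can subclass this and provide an __acl__ to it, as a global for all of your models: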

from pyramid.security import Allow, Authenticated, ALL_PERMISSIONS
from pyramid_formalchemy.resources import Models

class ModelsWithACL(Models):
    """A factory to override the default security setting"""
    __acl__ = [
        (Allow, 'admin', ALL_PERMISSIONS),
        (Allow, Authenticated, 'view'),
        (Allow, 'editor', 'edit'),
        (Allow, 'manager', ('new', 'edit', 'delete')),
    ]

config.formalchemy_admin('admin', package='package', view=..., factory=ModelsWithACL) 
+0

Great answer, well explained. Thanks! – 2011-04-16 03:42:01
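
The lineage lookup described in the answer, as an added example that is not part of the original answer and is not Pyramid's or pyramid_formalchemy's own code: a simplified pure-Python model of an ACL check that walks from the context up through `__parent__`, lets the first matching entry decide, and denies when nothing matches. `Factory`, `FactoryWithACL`, `Row`, `permits` and the principal sets are hypothetical names for illustration.

```python
# Simplified model of an ACL lineage walk (assumption: mirrors the behaviour
# the answer describes; it does not import or reuse Pyramid).
ALLOW, DENY = "Allow", "Deny"
AUTHENTICATED = "system.Authenticated"  # principal every logged-in user carries


class AllPermissions:
    """Stand-in for ALL_PERMISSIONS: every permission is 'in' it."""
    def __contains__(self, permission):
        return True

ALL = AllPermissions()


def lineage(resource):
    """Yield the resource, then each ancestor reached through __parent__."""
    while resource is not None:
        yield resource
        resource = getattr(resource, "__parent__", None)


def permits(context, principals, permission):
    """First ACE matching a principal and the permission decides; else deny."""
    for location in lineage(context):
        for action, principal, perms in getattr(location, "__acl__", ()):
            if isinstance(perms, str):
                perms = (perms,)
            if principal in principals and permission in perms:
                return action == ALLOW
    return False  # no ACL anywhere in the lineage granted it


class Factory:                  # hypothetical root factory with no __acl__
    __parent__ = None

class FactoryWithACL(Factory):  # plays the role of ModelsWithACL above
    __acl__ = [
        (ALLOW, "admin", ALL),
        (ALLOW, AUTHENTICATED, "view"),
        (ALLOW, "editor", "edit"),
        (ALLOW, "manager", ("new", "edit", "delete")),
    ]

class Row:                      # hypothetical model instance without its own ACL
    def __init__(self, parent):
        self.__parent__ = parent
```

With no `__acl__` anywhere in the lineage, even an authenticated principal set is denied, which is the symptom in the question; group names such as 'editor' only match if the `groupfinder` callback returns them for the user.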