durusmail: quixote-users: Authentication/permissions
Authentication/permissions
2004-11-08
Mike Orr
2004-11-09
Neil Schemenauer
2004-11-09
Mike Orr
2004-11-10
Evan LaForge
2004-11-10
Mike Orr
2004-11-11
Michele Simionato
Authentication/permissions
Mike Orr
2004-11-08
Hello.  As I said in my last e-mail, I'm designing my first Quixote
application.  I come from a Webware background, and used Zope a bit
when it first became public.

My application has to authenticate a user, determine which group
(singular) they belong to, then enforce group permissions.  (I'm
vaguely thinking of Zope's roles.)  The permissions range from including
certain fields in the display to accessing update screens.  However, the
anonymous user can also do searches and get limited displays without
logging in.  Management wants people to be able to log in at any point
and continue their search-in-progress with upgraded permissions.  This
implies a login link on every page, which goes to a login form, then
back to the previous page, now displaying more fields or records.

Webware has a model for this.  The Admin control panel has a Page
subclass (WebKit.Admin.AdminSecurity) that intercepts the request,
diverts it to a login form as appropriate, or passes it through to
the real servlet which is a subclass.  It doesn't do
resume-query-in-progress, but I think that can be done by having the
admin routine present an alternate security page that links to the
same servlet, and passes through all GET/POST variables.  (The last
part may not be necessary?)  My question is, what's the best equivalent
for Quixote.

I could put a _q_access() at the top level of the site, but since it
can't return an alternate page, that doesn't help.  I could have
_q_access() redirect to the login form, but then I'd have to take
special care to make sure I can get back to the previous page intact.
_q_access() excels in the case of username/password mismatch, but that's
only a small part of my problem, and one that really wants to be
handled in the same function as the rest of my authentication.

Alternatives seem to be a custom Publisher subclass, calling an
authenticate() function at the beginning of every "servlet" function
(undesirable), or making all "servlets" be a subclass of an
AuthenticatedPage class (also undesirable because I'd lose Quixote's
flexibility of having any callable object be a servlet, although I
may have to do this anyway to handle the common page top/bottom).

My user scheme is like this.

    # User logs in, and  determines which group they're in.
    === user.py
        class User:
            def __init__(self, username, group):
                self.username = username
                self.group = group
                self.canViewSensitiveData = 
                self.canUpdate = 
                self.can...

        def AnonymousUser():
            return User(None, PUBLIC)

    === session.py
        from quixote import Session as _Session
        from ssdb.user import anonymousUser
        sessions = shelve.open(...)
        class Session(_Session):
            def start_request(self, req):
                _Session.start_request(self, req)
                if self.user is None:
                    self.set_user(anonymousUser())

I'm hoping that will give every page the existing user if there is one,
or the anonymous user if this is the first request.

Does this look like a sound approach?  Or how would Quixotinos do it?

--
-Mike Orr (aka. Sluggo), mso@oz.net  (iron@sense-sea-MegaSub-1-465.oz.net)
   http://sluggo.kicks-ass.org/                  Cxu vi parolas Esperante?
reply