[Twisted-Python] Using users/roles with Woven

[Kevin Howe]

Hi,

I've been examining /sandbox/glyph/dynademo in order to learn about guard,
and have a question about where to store login information.

NOTE: I am ultra-new to twisted, so please correct me if I am totally off
base here :)

User accounts stored in RDBMS:

  User table (user information)
      user_id, first_name, last_name, email

  Roles table (actions the user is allowed to perform)
      user_id, role

  A user may have multiple roles.

Once a user is logged in their profile is fetched from the "User" table and
their permissions are fetched from the "Roles" table. This needs to be
stored for the session so that all pages have access to it. Views are then
customized based on the roles, something like the following:

  class LoggedIn(BasePage):

      def wvupdate_info(self, request, widget, data):

          prefs = request.getSession(IPreferences)
          roles = getattr(prefs, 'roles', [])
          if 'View Info' in roles:
              return 'Information'
          else:
              return ''

Should the login profile/roles be stored somewhere other than Session? The
Twisted.Cred documentation seems to suggest that it should be stored in
either an Indentity or a Perspective:

  In order to simplify integration of services that come from lots of
different places,
  Twisted.Cred presents user-account related information in two different
ways.
  Application-independent user information, such as passwords, public keys,
and
  other things related to the existence and authentication of a particular
person
  should reside in an Identity. Information related to a particular service,
such as
  e-mail messages, high scores, or to-do lists should be represented by a
Perspective.

Could someone explain what a more twisted-style approach might be?

- Kevin