<br><br><div class="gmail_quote">On Sat, Sep 22, 2012 at 11:41 PM, Matthew Pounsett <span dir="ltr"><<a href="mailto:matt@conundrum.com" target="_blank">matt@conundrum.com</a>></span> wrote:<br><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It seems to me #1 is overkill; if I want to have methods that don't require authentication (e.g. methods for registering a user in the first place), why would I require all clients to authenticate as anonymous before using them? It would be a lot simpler to just have my xmlrpc methods check against the attributes of the current user object when called, and then return appropriately: return failures when there is no user, or when the user's attributes don't match those required by the method, and return data that a user's attributes give him/her access to when there is a user.<br>
<br>
But again, I think I'm missing some key details that just aren't in the documentation I've been able to find.<br><div class="im"></div></blockquote><div><br>You don't need the clients to authenticate as anonymous; the XML RPC code can say "if there's no credentials from client, login as anonymous."<br>
<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I've got a bit further since my initial email, and my current approach is to extend t.w.server.Site to accept a portal. I'm currently trying to separate the useful bits from the flash in the requestAvatarID and _??Authenticate methods in dbcred.py. It would be nice to have something as straight-forward as cred.py that also implemented a realm and a credentials checker so that I could see how all those pieces fit together.<br>
</blockquote><div><br>I would just add a Portal to the XML-RPC object, rather than the Site. <br></div></div><br clear="all">I'll try to write some example code later today, if I have time.<br><br>-- <br>Itamar Turner-Trauring, Future Foundries LLC<br>
<a href="http://futurefoundries.com/" target="_blank">http://futurefoundries.com/</a> — Twisted consulting, training and support.<br><br>