[Twisted-web] Finer-Grained Security System for Twisted Web/Nevow?

Michal Pasternak michal.dtz at gmail.com
Sun Apr 19 20:32:16 EDT 2009


2009/4/19 Jeff Rush <jeff at taupro.com>:
[...]
> 2) Alternatively, one could dynamically generate a custom tree of
> pages/resources within the realm object, returning a different tree
> depending upon the identity/permissions of the user.

I think this is the preferred approach ATM.

> This would seem to make it complicated to (a) guarantee that all
> visitors see the exact same URL structure and,

You can share the same URL mapper between all users of your site.

> (b) consume more
> time/memory with constructing duplicate page/resource trees when thousands of
> users may be visiting the site, with a mix of permissions.

You don't have to duplicate page resources; you can create a single
resource and return it for as many users as you want.

> I'm thinking I'll have to write something like decorators for page resources
> that front-end the locateChild method (for access control over traversal),
> and perhaps the renderHTTP method (for access control over page delivery)
> with permissions checking logic.

What is your permission model exactly? What kind of limitations of
current guard implementation would you like to solve?

I think I like the current approach... Once you learn how to use it
and how to set it up properly (this is a key phrase here), it will
take a few things off your head. Even if setting it up is cumbersome,
the idea of a web resource wrapping an avatar object is pretty cool, as
you don't have to put access control logic into web resource objects
-- you just enable these and these resources for that level of
privileges, which in fact gives you a fine-grained security model. If you
look for a tool that handles setting up such things for you and lets
you just concentrate on the code, there's Divmod Mantissa;
unfortunately, it is not a very well documented piece of software.

-- 
m