[Twisted-web] Finer-Grained Security System for Twisted Web/Nevow?

[glyph at divmod.com]

On 12:32 am, michal.dtz at gmail.com wrote:
>2009/4/19 Jeff Rush <jeff at taupro.com>:

>I think I like the current approach... Once you learn how to use it
>and how to set it up properly (this is a key phrase here), it will
>take a few things off your head. Even if setting it up is cumbersome,
>the idea of web resource wrapping an avatar object is pretty cool, as
>you don't have to put access control logic into web resource objects
>-- you just enable these and these resources for that level of
>privleges, which in fact gives you fine-grained security model.

I agree with you that the way guard/cred work is kind of neat, but it's 
kind of neat as a cooperative low-level primitive for building more 
full-featured systems on top of.  I can see the OP's point here: for a 
lot of use-cases, it's incomplete and you need to do a lot of extra 
work.  Work which isn't particularly well documented.

It would be really nice if we had more examples of *how* to build things 
on top of it.  If anyone reading this thread has some code to link to, I 
encourage you to share it.  Mantissa's sharing system is a good example, 
but it does a lot more than just wrap resources in a few simple 
permissions.  Also, as you say:
>unfortunatley, it is not a very well documented piece of software.

I look forward to your doc patches ;-).