[Twisted-web] Get access to Avatar from Resource object?
exarkun at twistedmatrix.com
Mon Mar 5 10:09:20 EST 2012
On 02:58 pm, jacek99 at gmail.com wrote:
>Hi, I have an extra question going back to our original discussion on
>security.
>
>If I serve a Resource Avatar from a Realm, is there any built-in way to
>attach something to the request as it is being intercepted by the
>Realm?
>
>For example, for every request I would like to create a Principal object
>(username, first name, last name, list of privileges, etc.) and attach it to
>every request that has been authenticated.
>
>From the API I see, it seems you can serve a customized Resource (and that
>is fine for simpler admin vs read-only authentication schemes), but in some
>cases you need really fine-grained APIs
It's actually fine for all cases, since it lets you do anything you
want. For example, make the principal an argument to your custom
Resource, save it as an attribute, and use it to make future access
control decisions.
Jean-Paul
>(where a decorator per each REST method may be the only option), so it
>would be good for every request to be linked with the Principal that
>represents the user making the request.
>
>Thanks for any suggestions
>Jacek