source: gutenbach-web/authentication.html @ 973dd91

debianmacno-cupsweb
Last change on this file since 973dd91 was 973dd91, checked in by Edward Z. Yang <edwardzyang@…>, 16 years ago

Initial commit.

Signed-off-by: Edward Z. Yang <edwardzyang@…>

  • Property mode set to 100644
File size: 2.8 KB
Line 
1<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3<html xmlns="http://www.w3.org/1999/xhtml"
4      xmlns:py="http://genshi.edgewall.org/"
5      xmlns:xi="http://www.w3.org/2001/XInclude">
6
7  <xi:include href="master.html" />
8
9<head>
10  <meta content="text/html; charset=UTF-8" http-equiv="content-type" py:replace="''"/>
11  <title>Learning TurboGears 2.0: Quick guide to authentication.</title>
12</head>
13
14<body>
15    ${sidebar_top()}
16    ${sidebar_bottom()}
17  <div id="getting_started">
18    <h2>Authentication &amp; Authorization in a TG2 site.</h2>
19    <p>If you have access to this page, this means you have enabled authentication and authorization
20    in the quickstart to create your project.</p>
21    <p>
22    The paster command will have created a few specific controllers for you. But before you
23    go to play with those controllers you'll need to make sure your application has been
24    properly bootstapped.
25    This is dead easy, here is how to do this:
26    </p>
27
28    <span class="code">
29    paster setup-app development.ini
30    </span>
31
32    <p>
33    inside your application's folder and you'll get a database setup (using the preferences you have
34    set in your development.ini file). This database will also have been prepopulated with some
35    default logins/passwords so that you can test the secured controllers and methods.
36    </p>
37    <p>
38    To change the comportement of this setup-app command you just need to edit the <span class="code">websetup.py</span> file.
39    </p>
40    <p>
41    Now try to visiting the <a href="${tg.url('/manage_permission_only')}">manage_permission_only</a> URL. You will be challenged with a login/password form.
42    </p>
43    <p>
44    Only managers are authorized to visit this method. You will need to log-in using:
45        <p>
46        <span class="code">
47        login: manager
48        </span>
49        </p>
50        <p>
51        <span class="code">
52        password: managepass
53        </span>
54        </p>
55    </p>
56    <p>
57    Another protected resource is <a href="${tg.url('/editor_user_only')}">editor_user_only</a>. This one is protected by a different set of permissions.
58    You will need to be <span class="code">editor</span> with a password of <span class="code">editpass</span> to be able to access it.
59    </p>
60    <p>
61    The last kind of protected resource in this quickstarted app is a full so called <a href="${tg.url('/secc')}">secure controller</a>. This controller is protected globally.
62    Instead of having a @require decorator on each method, we have set an allow_only attribute at the class level. All the methods in this controller will
63    require the same level of access. You need to be manager to access <a href="${tg.url('/secc')}">secc</a> or <a href="${tg.url('/secc/some_where')}">secc/some_where</a>.
64    </p>
65  </div>
66</body>
67</html>
Note: See TracBrowser for help on using the repository browser.