TurboGears – Authorization & Authentication

Last modified: 2020-10-19 03:34:42             Author: Mango


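A TurboGears application created with the quickstart and setup-app options of the gearbox toolkit has authorization and authentication support enabled by default. The models declared in auth.py are set up and initialized according to the values assigned in bootstrap.py.

The following models are declared in auth.py:

User Model

The User model contains the design of the tg_user table. This table is used by the repoze.who package, a powerful and extensible authentication library for WSGI applications. The structure of the User model is as follows: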

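from datetime import datetime
from sqlalchemy import Column
from sqlalchemy.types import Unicode, Integer, DateTime

# DeclarativeBase is provided by the application's own model package
class User(DeclarativeBase):
   """User definition, stored in the tg_user table."""
   __tablename__ = 'tg_user'

   user_id = Column(Integer, autoincrement = True, primary_key = True)
   user_name = Column(Unicode(16), unique = True, nullable = False)
   email_address = Column(Unicode(255), unique = True, nullable = False)
   display_name = Column(Unicode(255))
   # The _password attribute is stored in the 'password' column
   _password = Column('password', Unicode(128))
   created = Column(DateTime, default = datetime.now)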

The Group model contains the definition of the tg_group table. Its definition is given in auth.py as follows:

class Group(DeclarativeBase):
   __tablename__ = 'tg_group'
   
   group_id = Column(Integer, autoincrement = True,primary_key = True)
   group_name = Column(Unicode(16),unique = True,nullable = False)
   display_name = Column(Unicode(255))
   created = Column(DateTime, default = datetime.now)

Another model, Permission, is also set up; it contains the permission definitions.

class Permission(DeclarativeBase):
   __tablename__ = 'tg_permission'
   
   permission_id = Column(Integer,autoincrement = True,primary_key = True)
   permission_name = Column(Unicode(63), unique = True, nullable = False)
   description = Column(Unicode(255))

When the models are set up, the following data is added to these tables:

u = model.User()
u.user_name = 'manager'
u.display_name = 'Example manager'
u.email_address = 'manager@somedomain.com'
u.password = 'managepass'

model.DBSession.add(u)
g = model.Group()
g.group_name = 'managers'
g.display_name = 'Managers Group'
g.users.append(u)

model.DBSession.add(g)
p = model.Permission()
p.permission_name = 'manage'
p.description = 'This permission gives an administrative right'
p.groups.append(g)

model.DBSession.add(p)
u1 = model.User()
u1.user_name = 'editor'
u1.display_name = 'Example editor'
u1.email_address = 'editor@somedomain.com'
u1.password = 'editpass'

model.DBSession.add(u1)

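Predicate Model

The predicates module in the tg package contains the definitions of the predicate checkers. A predicate is a condition that the user must meet in order to access the requested source. Such a predicate, or condition, may be made up of further predicates; these are called compound predicates. An action controller, or a controller, may have only one predicate, whether single or compound.

If a user is not logged in, or does not have the proper permissions, the predicate checker throws a 401 (HTTP Unauthorized), which is caught by the repoze.who middleware to display the login page, let the user log in, and redirect the user back to the proper page when they are done.

The different conditions, or predicates, defined in the tg.predicates module are: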

| Sr.No. | tg.predicates module | Description |
|---|---|---|
| 1 | All | Check if all predicates specified are met |
| 2 | Any | Check if at least one of the specified predicates is met |
| 3 | is_user | Check that the authenticated user's username is the specified one |
| 4 | in_group | Check that the user belongs to the specific group. |
| 5 | in_all_groups | Check that the user belongs to all of the specified groups. |
| 6 | in_any_group | Check that the user belongs to at least one of the specified groups. |
| 7 | is_anonymous | Check that the current user is anonymous. |
| 8 | has_permission | Check that the current user has the specified permission. |
| 9 | has_all_permissions | Check that the current user has been granted all of the specified permissions. |
| 10 | has_any_permission | Check that the user has at least one of the specified permissions. |

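For example, if you have a predicate that grants access to users belonging to the customers group, you can use the following built-in predicate checker: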

from tg.predicates import in_group
p = in_group('customers')

The following predicate checker grants access to the 'root' user or to anybody with the 'manage' permission:

from tg.predicates import Any, is_user, has_permission
# msg is the message reported when the predicate is not met
p = Any(is_user('root'), has_permission('manage'),
   msg = 'Only administrators can remove blog posts')
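
The following is an added example, not TurboGears code and not part of the original page: a stand-alone sketch of how the predicates above evaluate against the bootstrap data, where permissions reach a user only through group membership. The predicate classes are simplified stand-ins that take the identity as an argument (an assumption; the real tg.predicates read it from the request), and the two dictionaries are constructed to mirror the manager / managers / manage records.

```python
# Added sketch: simplified stand-ins for tg.predicates, NOT TurboGears' own code.
# Constructed data mirroring the bootstrap rows above.
GROUP_MEMBERS = {"managers": {"manager"}}       # g.users.append(u)
PERMISSION_GROUPS = {"manage": {"managers"}}    # p.groups.append(g)

class NotAuthorized(Exception):
    """Stands in for the 401 a failed predicate produces."""
    status = 401

def identity_for(user_name):
    """Resolve groups and permissions for a user; None models an anonymous request."""
    if user_name is None:
        return None
    groups = {g for g, members in GROUP_MEMBERS.items() if user_name in members}
    perms = {p for p, gs in PERMISSION_GROUPS.items() if gs & groups}
    return {"user": user_name, "groups": groups, "permissions": perms}

class Predicate:
    def __init__(self, test, msg="Not authorized"):
        self.test, self.msg = test, msg

    def is_met(self, identity):
        # Anonymous requests never satisfy an identity-based predicate.
        return identity is not None and bool(self.test(identity))

    def check(self, identity):
        if not self.is_met(identity):
            raise NotAuthorized(self.msg)

def is_user(name, **kw):
    return Predicate(lambda i: i["user"] == name, **kw)

def in_group(group, **kw):
    return Predicate(lambda i: group in i["groups"], **kw)

def has_permission(perm, **kw):
    return Predicate(lambda i: perm in i["permissions"], **kw)

def Any(*preds, **kw):
    return Predicate(lambda i: any(p.is_met(i) for p in preds), **kw)

def All(*preds, **kw):
    return Predicate(lambda i: all(p.is_met(i) for p in preds), **kw)

def access_table(predicate, names=("root", "manager", "editor", None)):
    """Return {user: allowed} so the effect of a predicate can be reviewed."""
    return {n: predicate.is_met(identity_for(n)) for n in names}
```

Calling access_table() on the compound predicate from the page shows that 'editor', who was added to no group, is denied along with anonymous requests, while 'manager' passes only through the managers group.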