在金字塔用户认证 [英] User Authentication in Pyramid
问题描述
我建立一个web应用和Django和金字塔之间做出选择需要的。我决定去金字塔。
I'm building a webapp and needed to choose between Django and Pyramid. I decided to go with Pyramid.
我明白金字塔本身自带的认证/授权框架,它看起来不错。但我没有在那里金字塔用户/组/权限定义见过的任何地方。在Django这些东西免费的。
I understand Pyramid comes with its own authentication/authorization framework which looks nice. But I haven't seen anywhere in Pyramid where users/groups/permissions are defined. In Django these things come for free.
我使用SQLAlchemy的,如果有已经建成,我可以导入相似的用户/组/权限不知道。我宁愿没有定义密码的这些对象/映射和散列/腌制自己。
I'm using SQLAlchemy and was wondering if there are similar users/groups/permissions already built that I can import. I'd rather not define these objects/mappings and hash/salting of passwords myself.
Django的这些东西定义是pretty很多我需要的。
Django's definitions of these things are pretty much all I need.
任何人都能指出我的东西,我可以使用?还是我需要推出自己的?
Can anyone point my to something I can use? Or do I need to roll my own?
推荐答案
金字塔有一个更灵活的身份验证系统。是的,如果你想要的东西简单的像Django的用户/组/权限的概念,那么灵活的可能是可怕的。
Pyramid has a much more flexible authentication system. And yes, if you want something simple like Django's user/group/permission concept, then flexible might be scary.
金字塔并没有一个用户的对象,因为它没有关于你如何存储你的数据,或者你用什么ORM的假设,所以没有东西给你喜欢contrib.auth。您需要哈希/盐使用库密码自己如cryptacular或passlib,既PyPI上找到。
Pyramid does not have a "User" object, as it makes no assumptions about how you store your data or what ORM you use, therefore there isn't something for you like contrib.auth. You will need to hash/salt the passwords yourself using a library such as cryptacular or passlib, both found on PYPI.
至于金字塔的体制内想用户/组/权限,这是可以实现pretty简单地定义,有一个 __ ACL __ 映射组权限的RootFactory 。权限分配给的意见,从而为pretty静态一般。如果您想组(什么金字塔称为校长),是动态的,这也是可以实现的。
As far as wanting user/group/permissions within Pyramid's system, this is achievable pretty simply by defining a RootFactory that has an __acl__ that maps groups to permissions. Permissions are assigned to views, thus are pretty static usually. If you'd like the groups (what Pyramid calls "principals") to be dynamic that is also achievable.
I'd suggest looking at the Pyramid wiki2 tutorial, as well as the shootout demo.
有也有金字塔内协助授权如果计划使用SQLAlchemy的一对夫妇的第三方软件包。 顶点是一个更完整的堆栈解决方案,和的 ziggurat_foundations 是一个较低的水平层以上的SQLAlchemy来帮助您设置用户和组为您的应用。
There are also a couple third-party packages for assisting with authorization within Pyramid if you plan to be using SQLAlchemy. apex is a more full stack solution, and ziggurat_foundations is a lower-level layer above SQLAlchemy to help you set up users and groups for your application.
您的问题是相当高的水平和授权是一个硬问题,所以我在这里停下来,避免反刍已经从金字塔教程存在多个第三方实例教程和资源。如果您有任何具体问题请随时问那些在另外一个问题。
Your question is fairly high level and authorization is a "hard problem", so I'll stop here and avoid regurgitating the tutorials and resources that already exist from the Pyramid tutorials to several third-party examples. If you have any specific questions please feel free to ask those in another question.
这篇关于在金字塔用户认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
