金字塔中的用户身份验证
[英]User Authentication in Pyramid
问题描述
I'm building a webapp and needed to choose between Django and Pyramid. 
我正在构建一个webapp,需要在Django和Pyramid之间进行选择。 I decided to go with Pyramid. 我决定和金字塔一起去。
I understand Pyramid comes with its own authentication/authorization framework which looks nice. 我知道Pyramid带有自己的身份验证/授权框架,看起来不错。 But I haven't seen anywhere in Pyramid where users/groups/permissions are defined. 但我没有在Pyramid的任何地方看到用户/组/权限的定义。 In Django these things come for free. 在Django这些东西是免费的。
I'm using SQLAlchemy and was wondering if there are similar users/groups/permissions already built that I can import. 我正在使用SQLAlchemy,并想知道是否已经构建了类似的用户/组/权限,我可以导入。 I'd rather not define these objects/mappings and hash/salting of passwords myself. 我宁愿不自己定义这些对象/映射和密码的哈希/腌制。
Django's definitions of these things are pretty much all I need. Django对这些东西的定义几乎就是我所需要的。
Can anyone point my to something I can use? 任何人都可以指出我可以使用的东西吗? Or do I need to roll my own? 或者我需要自己动手?
1 个解决方案
解决方案1
64 已采纳 2011-10-17 17:00:36
Pyramid has a much more flexible authentication system. Pyramid具有更灵活的身份验证系统。 And yes, if you want something simple like Django's user/group/permission concept, then flexible might be scary. 是的,如果你想要像Django的用户/组/权限概念那样简单,那么灵活可能会让人感到恐惧。
Pyramid does not have a "User" object, as it makes no assumptions about how you store your data or what ORM you use, therefore there isn't something for you like contrib.auth. Pyramid没有“User”对象,因为它没有假设你如何存储你的数据或你使用的ORM,所以你没有像contrib.auth那样的东西。 You will need to hash/salt the passwords yourself using a library such as cryptacular or passlib, both found on PYPI. 您需要使用诸如cryptacular或passlib之类的库来自己散列/加密密码,这些库都可以在PYPI上找到。
As far as wanting user/group/permissions within Pyramid's system, this is achievable pretty simply by defining a RootFactory that has an __acl__ that maps groups to permissions. 至于想要Pyramid系统中的用户/组/权限,这可以通过定义具有__acl__ __acl__组映射到权限的__acl__来实现。 Permissions are assigned to views, thus are pretty static usually. 权限分配给视图,因此通常非常静态。 If you'd like the groups (what Pyramid calls "principals") to be dynamic that is also achievable. 如果您希望这些组(Pyramid称之为“校长”)是动态的,也是可以实现的。
I'd suggest looking at the Pyramid wiki2 tutorial , as well as the shootout demo . 我建议看一下Pyramid wiki2教程 ,以及枪战演示 。
There are also a couple third-party packages for assisting with authorization within Pyramid if you plan to be using SQLAlchemy. 如果您打算使用SQLAlchemy,还有一些第三方软件包可以在Pyramid中协助授权。 apex is a more full stack solution, and ziggurat_foundations is a lower-level layer above SQLAlchemy to help you set up users and groups for your application. apex是一个更完整的堆栈解决方案, ziggurat_foundations是SQLAlchemy之上的低级层,可帮助您为应用程序设置用户和组。
Your question is fairly high level and authorization is a "hard problem", so I'll stop here and avoid regurgitating the tutorials and resources that already exist from the Pyramid tutorials to several third-party examples. 你的问题是相当高的水平,授权是一个“难题”,所以我会停在这里,避免将Pyramid教程中已经存在的教程和资源反复出现给几个第三方示例。 If you have any specific questions please feel free to ask those in another question. 如果您有任何具体问题,请随时询问其他问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.