ergo / ziggurat_foundations

Framework agnostic set of sqlalchemy classes that make building applications that require permissions an easy task.
BSD 3-Clause "New" or "Revised" License

[support] Vanilla Pyramid project - how to "get_db_session", RootFactory acl not working out of the box #30

Closed peletiah closed 8 years ago

peletiah commented 8 years ago

I'm having trouble following the configuration and usage guide. Is it ok to ask for support here?

I've set up a Pyramid project with SQLAlchemy-scaffold and added all the configuration-changes as described in the docs.

First thing I'm running into is an issue with get_db_session:

Getting DBSession

In my models.py DBSession is defined as

DBSession = scoped_session(sessionmaker(extension=ZopeTransactionExtension()))

This is the alchemy-scaffold default. Shouldn't ziggurat_foundations.models.base.get_db_session be able to find myapp.models.DBSession? Since that didn't work for me, I can make basic login work with the other two approaches that are pointed out in the docs ("get_session_callable" and "ziggurat_foundations.models.DBSession = DBSession"). But should it work without these definitions?

Permissions not working as expected

The second issue is the view-permission. Clearly my user's permissions are added to the RootFactory's acl:

log.debug(self.__acl__)
2015-12-14 19:36:30,202 DEBUG [pyramid_ziggurat_auth_demo.models:102][waitress] [('Allow', 'system.Authenticated', u'view'), ('Allow', u'editor', u'edit'), ('Allow', u'editor', u'delete')]

but it is not honored when I try to access a view with a permission (e.g. I have an "edit_note"-view with an "edit"-permission which should be accessible when user "editor" is logged in).

When I switch the permission to "view", it works for authenticated users (As expected) - but not the dynamic permission in the acl.

What am I missing?

I've uploaded the full code I'm using to https://github.com/peletiah/ziggurat_auth_demo (incl. DB-dump)

peletiah commented 8 years ago

Oh and is there by chance a project somewhere which uses all the features? I'm having difficulties grasping the concept of resources, specifically how to use the data-structure in the Resource-class.

ergo commented 8 years ago

As for your first question:

Getting DBSession

ziggurat_foundations.models.DBSession = DBSession

This is critical to be present because ziggurat_foundation models do not know your package name so you have to pass it to ziggurat namespace for them to pick up - there is no way around this even with vanilla scaffold - btw. new 1.7.x or 1.8 pyramid scaffold will not have global scoped session object.

Permissions not working as expected

True, this was a mistake in the documentation - the examples appended username as the user identifier where in fact pyramid's remember() gets user id, so they never were matched. I've provided a pull request to your example that corrects that and I've updated the documentation to showcase an even better way of handling ACLs that normalizes user/group handling.
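
The principal mismatch described in the comment above, as an added example that is not part of the thread or of ziggurat_foundations: a simplified pure-Python model of Pyramid's first-match ACL check. The user table and the names `build_acl`, `permits`, `effective_principals` and `check` are hypothetical, and user id 2 is a constructed value.

```python
# Simplified model of a Pyramid-style ACL check (added example, not project code).
ALLOW = "Allow"
EVERYONE, AUTHENTICATED = "system.Everyone", "system.Authenticated"

# Constructed sample data: user id 2 has the username "editor".
USERS = {2: {"user_name": "editor", "permissions": ["edit", "delete"]}}


def effective_principals(userid):
    """Principals for a request whose remember() call stored `userid`."""
    principals = [EVERYONE]
    if userid in USERS:
        principals += [AUTHENTICATED, userid]
    return principals


def build_acl(user, userid, key):
    """Build a RootFactory-style __acl__; `key` selects the ACE principal.

    key="user_name" reproduces the documentation mistake,
    key="id" uses the same identifier that remember() received.
    """
    principal = user["user_name"] if key == "user_name" else userid
    acl = [(ALLOW, AUTHENTICATED, "view")]
    acl += [(ALLOW, principal, perm) for perm in user["permissions"]]
    return acl


def permits(acl, principals, permission):
    """The first ACE matching principal and permission decides; default deny."""
    for action, principal, perm in acl:
        if principal in principals and perm == permission:
            return action == ALLOW
    return False


def check(key, permission, userid=2):
    """Evaluate `permission` for `userid` against an ACL keyed by `key`."""
    acl = build_acl(USERS[userid], userid, key)
    return permits(acl, effective_principals(userid), permission)


if __name__ == "__main__":
    for key in ("user_name", "id"):
        for perm in ("view", "edit"):
            # "edit" is denied only when the ACL is keyed by username.
            print(key, perm, check(key, perm))
```

Logging the effective principals next to `__acl__` makes this kind of mismatch visible, since the ACL alone looks correct.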

ergo commented 8 years ago

I will be releasing a separate scaffold that builds a small system incorporating multiple packages at once - but it's not there yet.

peletiah commented 8 years ago

> I will be releasing a separate scaffold

Great, looking forward to it!

Thanks for the quick fix regarding permissions and docs!

I'll try to figure out resources and implement them in my demo.