Reputation: 2105
I am trying to build a website where authentication is obligatory, i.e. only the login page is shown if the user is not logged in. The question is how to achieve this at minimal cost. I can decorate each view with permission='authenticated', where 'authenticated' is the name of my permission; but maybe there is a simpler way, where by default all views require authentication.
Note: I have accepted the answer below, but I believe there is more to it.

Config bit:

    config = Configurator(settings=settings,
                          default_permission='standard_view',
                          root_factory='RootFactory')

Security - permission bit:

    from pyramid.security import Allow, Authenticated

    class RootFactory(object):
        __acl__ = [(Allow, Authenticated, 'standard_view'),
                   (Allow, 'g:admin', 'admin_view'),
                   ]

Upvotes: 1
Views: 121
Reputation: 1551
There is a way to do this by setting default_permission in the Configurator object. For example, in your __init__.py you can have something similar to:

    from pyramid.config import Configurator

    def main(global_config, **settings):
        config = Configurator(settings=settings, default_permission='authenticated')
        config.include('pyramid_chameleon')
        config.scan()
        return config.make_wsgi_app()

You can find more information at these three links:
http://docs.pylonsproject.org/docs/pyramid/en/latest/api/config.html
http://docs.pylonsproject.org/docs/pyramid/en/latest/narr/security.html#setting-a-default-permission
http://docs.pylonsproject.org/docs/pyramid/en/latest/api/config.html#pyramid.config.Configurator.set_default_permission
Upvotes: 2