Web Application - User Management - RBAC

M

Martin

I am putting together a simple web-app for construction of standard documents.
Basically the app will present a form for inputting the variable content /
overriding standard text and send back a complete .doc / .swx. The motivation
for using a web app instead of templates is that I have found templates too
brittle, and I would like to store the variable/overriding data in an SQL
backend.

I would like to implement RBAC(Role Based Access Control) in the app. How would
one best go about that ? is there any code available(classes/frameworks) ? would
one render pages and thereby options based on role or guard methods(i.e. call
some kind of access control object and raise exceptions if an action is not
allowed for the role, or perhaps derive all objects from an object that
automatically handles such checks when a method is called ?) or some other
approach ? I have looked at Webwares UserKit but it is apparently incomplete and
frankly I can't figure out how it works.

I am planning to use CherryPy as a framework, but would be open to another
approach.

Regards,

Martin
 
T

Tim Hoffman

Hi Martin

IYou probably know this already but the obvious response is to use Zope :)

Tim
 
M

Martin

Hi Martin

IYou probably know this already but the obvious response is to use Zope

Tim
Click to expand...

Yeah, but I am doing this also as an exercise. I want to understand how to put
RBAC together. Do I really have to start from scratch ? I am not pretending to
know much about web applications, but I would think there would be a lot of
generic stuff involved ?

Martin
 
R

Remi Delon

I would like to implement RBAC(Role Based Access Control) in the app. How would
one best go about that ?
Click to expand...

Well, CherryPy comes with a module called "CookieSessionAuthenticate"
but it provides only 2 states: either a user is logged or he's not.
If a user is logged in then you'll get automatically his username.
You'll have to write your own code that checks the privileges that
this user has and if he's allowed to do such and such action or not.

It also depends on what level of precision you want the privileges to
have (it could be at the URL level or at the individual function call
level) ...

But overall, it shouldn't be too hard to implement thanks to Python
:)

Regards,

Remi.
 
K

Kevin Dahlhausen

Webware for Python has a component calld 'UserKit.' It may not be
fully production ready as it stands, but could serve as a model.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Help wanted: Writing a PMI Project Management system 0
JAAS good for RBAC? 2
The Python Web Authoring and Application Pages 0
Fundamentals of Financial Management Concise 7e Brigham Houston 0
building a web interface 16
Java web application frameworks / architecture 33
Web Framework suggestions for a RIA type application for managing labspecimens 1
looking for eclipse plugin for user management in RCP application 1

Members online

No members online now.
Total: 200 (members: 0, guests: 200)
Robots: 225

Forum statistics

Threads
474,432
Messages
2,571,680
Members
48,796
Latest member
Greg L.

Latest Threads

Top