====================
Adding Authorization
====================

:app:`Pyramid` provides facilities for :term:`authentication` and
:term:`authorization`. We'll make use of both features to provide security
to our application. Our application currently allows anyone with access to
the server to view, edit, and add pages to our wiki. We'll change that
to allow only people who are members of a *group* named ``group:editors``
to add and edit wiki pages but we'll continue allowing
anyone with access to the server to view pages.

We will also add a login page and a logout link on all the
pages. The login page will be shown when a user is denied
access to any of the views that require a permission, instead of
a default "403 Forbidden" page.

We will implement the access control with the following steps:

* Add users and groups (``security.py``, a new module).
* Add an :term:`ACL` (``models.py``).
* Add an :term:`authentication policy` and an :term:`authorization policy`
  (``__init__.py``).
* Add :term:`permission` declarations to the ``edit_page`` and ``add_page``
  views (``views.py``).

Then we will add the login and logout feature:

* Add ``login`` and ``logout`` views (``views.py``).
* Add a login template (``login.pt``).
* Make the existing views return a ``logged_in`` flag to the renderer (``views.py``).
* Add a "Logout" link to be shown when logged in and viewing or editing a page
  (``view.pt``, ``edit.pt``).

Access Control
--------------

Add users and groups
~~~~~~~~~~~~~~~~~~~~

Create a new ``tutorial/tutorial/security.py`` module with the
following content:

.. literalinclude:: src/authorization/tutorial/security.py
   :linenos:
   :language: python

The ``groupfinder`` function accepts a userid and a request and
returns one of these values:

- If the userid exists in the system, it will return a
  sequence of group identifiers (or an empty sequence if the user
  isn't a member of any groups).
- If the userid *does not* exist in the system, it will
  return ``None``.

For example, ``groupfinder('editor', request)`` returns ``['group:editors']``,
``groupfinder('viewer', request)`` returns ``[]``, and ``groupfinder('admin',
request)`` returns ``None``. We will use ``groupfinder()`` as an
:term:`authentication policy` "callback" that will provide the
:term:`principal` or principals for a user.

In a production system, user and group
data will most often come from a database, but here we use "dummy"
data to represent user and group sources.

Add an ACL
~~~~~~~~~~

Open ``tutorial/tutorial/models.py`` and add the following import
statement at the head:

.. literalinclude:: src/authorization/tutorial/models.py
   :lines: 4-7
   :linenos:
   :language: python

Add the following lines to the ``Wiki`` class:

.. literalinclude:: src/authorization/tutorial/models.py
   :lines: 9-13
   :linenos:
   :emphasize-lines: 4-5
   :language: python

We import :data:`~pyramid.security.Allow`, an action that
means that permission is allowed, and
:data:`~pyramid.security.Everyone`, a special :term:`principal`
that is associated with all requests. Both are used in the
:term:`ACE` entries that make up the ACL.

The ACL is a list that needs to be named ``__acl__`` and be an
attribute of a class. We define an :term:`ACL` with two
:term:`ACE` entries: the first entry allows any user the ``view``
permission, and the second entry allows the ``group:editors``
principal the ``edit`` permission.

The ``Wiki`` class that contains the ACL is the :term:`resource`
constructor for the :term:`root` resource, which is
a ``Wiki`` instance. The ACL is
provided to each view in the :term:`context` of the request, as
the ``context`` attribute.

It's only happenstance that we're assigning this ACL at class scope. An ACL
can be attached to an object *instance* too; this is how "row level security"
can be achieved in :app:`Pyramid` applications. We actually need only *one*
ACL for the entire system, however, because our security requirements are
simple, so this feature is not demonstrated. See
:ref:`assigning_acls` for more information about what an
:term:`ACL` represents.

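The following is an added example, not part of the tutorial's source and not Pyramid's implementation: a simplified pure-Python model of how the ``groupfinder()`` return value from the previous section and the ACL from this section combine into an allow or deny decision, including an instance-level ACL. The ``Page`` parent linkage, the helpers ``effective_principals``, ``permits`` and ``can``, and the locked page are assumptions made for illustration; the user and group data is constructed.

```python
# Simplified model of the checks described above. The names mirror the
# tutorial, but this is illustration code, not Pyramid's implementation.
Everyone = "system.Everyone"
Authenticated = "system.Authenticated"
Allow, Deny = "Allow", "Deny"

# Constructed dummy data in the shape the tutorial describes.
USERS = {"editor": "editor", "viewer": "viewer"}
GROUPS = {"editor": ["group:editors"]}


def groupfinder(userid, request):
    """Groups for a known user ([] if none); None for an unknown userid."""
    if userid in USERS:
        return GROUPS.get(userid, [])
    return None


def effective_principals(userid, request=None):
    """Everyone is always present; the userid and its groups are added only
    when the callback recognises the userid (returns something but None)."""
    principals = [Everyone]
    groups = groupfinder(userid, request) if userid is not None else None
    if groups is None:
        return principals
    return principals + [Authenticated, userid] + list(groups)


class Wiki:
    """Root resource carrying the tutorial's two-entry ACL at class scope."""
    __parent__ = None
    __acl__ = [(Allow, Everyone, "view"),
               (Allow, "group:editors", "edit")]


class Page:
    """Child resource; `acl` (hypothetical) attaches an instance-level ACL."""
    def __init__(self, parent, acl=None):
        self.__parent__ = parent
        if acl is not None:
            self.__acl__ = acl


def permits(context, principals, permission):
    """Walk from the context up to the root. The first ACE that names one of
    the principals and the permission decides; no match at all means deny."""
    resource = context
    while resource is not None:
        for action, principal, perms in getattr(resource, "__acl__", ()):
            if isinstance(perms, str):
                perms = (perms,)
            if principal in principals and permission in perms:
                return action == Allow
        resource = getattr(resource, "__parent__", None)
    return False


def can(userid, context, permission):
    """Convenience wrapper: derive the principals, then check the ACL."""
    return permits(context, effective_principals(userid), permission)


root = Wiki()
front_page = Page(root)                                   # inherits root ACL
locked_page = Page(root, acl=[(Deny, Everyone, "edit")])  # per-instance ACL

if __name__ == "__main__":
    for user in (None, "viewer", "editor", "admin"):
        print(user, effective_principals(user),
              "view:", can(user, front_page, "view"),
              "edit:", can(user, front_page, "edit"),
              "edit locked:", can(user, locked_page, "edit"))
```

A userid the callback does not recognise (``admin`` here) is treated exactly like an anonymous request, and the ``Deny`` entry on the locked page wins over the root's ``Allow`` because it is reached first.
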
Add Authentication and Authorization Policies
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open ``tutorial/tutorial/__init__.py`` and
add these import statements:

.. literalinclude:: src/authorization/tutorial/__init__.py
   :lines: 4-5,8
   :linenos:
   :language: python

Now add those policies to the configuration:

.. literalinclude:: src/authorization/tutorial/__init__.py
   :lines: 18-23
   :linenos:
   :emphasize-lines: 1-3,5-6
   :language: python

(Only the highlighted lines need to be added.)

We are enabling an ``AuthTktAuthenticationPolicy``, which is based on an
auth ticket that may be included in the request, and an
``ACLAuthorizationPolicy``, which uses an ACL to determine the allow or deny
outcome for a view.

Note that the :class:`pyramid.authentication.AuthTktAuthenticationPolicy`
constructor accepts two arguments: ``secret`` and ``callback``. ``secret`` is
a string representing an encryption key used by the "authentication ticket"
machinery represented by this policy: it is required. The ``callback`` is the
``groupfinder()`` function that we created before.

Add permission declarations
~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open ``tutorial/tutorial/views.py``. Add a ``permission='edit'`` parameter
to the ``@view_config`` decorator for ``add_page()`` and
``edit_page()``, for example:

.. code-block:: python
   :linenos:
   :emphasize-lines: 3

   @view_config(name='add_page', context='.models.Wiki',
                renderer='templates/edit.pt',
                permission='edit')

(Only the highlighted line, along with its preceding comma,
needs to be added.)

The result is that only users who possess the ``edit``
permission at the time of the request may invoke those two views.

Add a ``permission='view'`` parameter to the ``@view_config``
decorator for ``view_wiki()`` and ``view_page()``, like this:

.. code-block:: python
   :linenos:
   :emphasize-lines: 2

   @view_config(context='.models.Page', renderer='templates/view.pt',
                permission='view')

(Only the highlighted line, along with its preceding comma,
needs to be added.)

This allows anyone to invoke these two views.

We are done with the changes needed to control access. The
changes that follow will add the login and logout feature.

Login, Logout
-------------

Add Login and Logout Views
~~~~~~~~~~~~~~~~~~~~~~~~~~

We'll add a ``login`` view which renders a login form and processes
the post from the login form, checking credentials.

We'll also add a ``logout`` view callable to our application and
provide a link to it. This view will clear the credentials of the
logged in user and redirect back to the front page.

Add the following import statements to the
head of ``tutorial/tutorial/views.py``:

.. literalinclude:: src/authorization/tutorial/views.py
   :lines: 6-13,15-17
   :linenos:
   :emphasize-lines: 3,6-9,11
   :language: python

(Only the highlighted lines, with other necessary modifications,
need to be added.)

:meth:`~pyramid.view.forbidden_view_config` will be used
to customize the default 403 Forbidden page.
:meth:`~pyramid.security.remember` and
:meth:`~pyramid.security.forget` help to create and
expire an auth ticket cookie.

Now add the ``login`` and ``logout`` views:

.. literalinclude:: src/authorization/tutorial/views.py
   :lines: 82-120
   :linenos:
   :language: python

``login()`` has two decorators:

- a ``@view_config`` decorator which associates it with the
  ``login`` route and makes it visible when we visit ``/login``,
- a ``@forbidden_view_config`` decorator which turns it into
  a :term:`forbidden view`. ``login()`` will be invoked
  when a user tries to execute a view callable for which they lack
  authorization. For example, if a user has not logged in
  and tries to add or edit a Wiki page, they will be shown the
  login form before being allowed to continue.

The order of these two :term:`view configuration` decorators
is unimportant.

``logout()`` is decorated with a ``@view_config`` decorator
which associates it with the ``logout`` route. It will be
invoked when we visit ``/logout``.

Add the ``login.pt`` Template
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Create ``tutorial/tutorial/templates/login.pt`` with the following
content:

.. literalinclude:: src/authorization/tutorial/templates/login.pt
   :language: xml

The above template is referred to in the login view that we just added
in ``views.py``.

Return a logged_in flag to the renderer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Add a ``logged_in`` parameter to the return value of
``view_page()``, ``edit_page()`` and ``add_page()``,
like this:

.. code-block:: python
   :linenos:
   :emphasize-lines: 4

   return dict(page = page,
               content = content,
               edit_url = edit_url,
               logged_in = request.authenticated_userid)

(Only the highlighted line and a trailing comma on the preceding
line need to be added.)

The :meth:`pyramid.request.Request.authenticated_userid` will be ``None`` if
the user is not authenticated, or a user id if the user is authenticated.

Add a "Logout" link when logged in
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Open ``tutorial/tutorial/templates/edit.pt`` and
``tutorial/tutorial/templates/view.pt`` and add this within the
``<div id="right" class="app-welcome align-right">`` div:

.. code-block:: xml

   <span tal:condition="logged_in">
      <a href="${request.application_url}/logout">Logout</a>
   </span>

The attribute ``tal:condition="logged_in"`` will make the element be
included when ``logged_in`` is any user id. The link will invoke
the logout view. The above element will not be included if ``logged_in``
is ``None``, such as when a user is not authenticated.

Seeing Our Changes
------------------

Our ``tutorial/tutorial/__init__.py`` will look something like this
when we're done:

.. literalinclude:: src/authorization/tutorial/__init__.py
   :linenos:
   :emphasize-lines: 4-5,8,18-20,22-23
   :language: python

(Only the highlighted lines need to be added.)

Our ``tutorial/tutorial/models.py`` will look something like this
when we're done:

.. literalinclude:: src/authorization/tutorial/models.py
   :linenos:
   :emphasize-lines: 4-7,12-13
   :language: python

(Only the highlighted lines need to be added.)

Our ``tutorial/tutorial/views.py`` will look something like this
when we're done:

.. literalinclude:: src/authorization/tutorial/views.py
   :linenos:
   :emphasize-lines: 8,11-15,17,24,29,48,52,68,72,80,82-120
   :language: python

(Only the highlighted lines need to be added.)

Our ``tutorial/tutorial/templates/edit.pt`` template will look
something like this when we're done:

.. literalinclude:: src/authorization/tutorial/templates/edit.pt
   :linenos:
   :emphasize-lines: 41-43
   :language: xml

(Only the highlighted lines need to be added.)

Our ``tutorial/tutorial/templates/view.pt`` template will look
something like this when we're done:

.. literalinclude:: src/authorization/tutorial/templates/view.pt
   :linenos:
   :emphasize-lines: 41-43
   :language: xml

(Only the highlighted lines need to be added.)

Viewing the Application in a Browser
------------------------------------

We can finally examine our application in a browser (see
:ref:`wiki-start-the-application`). Launch a browser and visit
each of the following URLs, checking that the result is as expected:

- ``http://localhost:6543/`` invokes the
  ``view_wiki`` view. This always redirects to the ``view_page`` view
  of the ``FrontPage`` Page resource. It is executable by any user.

- ``http://localhost:6543/FrontPage`` invokes
  the ``view_page`` view of the ``FrontPage`` Page resource. This is because
  it's the :term:`default view` (a view without a ``name``) for ``Page``
  resources. It is executable by any user.

- ``http://localhost:6543/FrontPage/edit_page``
  invokes the edit view for the FrontPage object. It is executable by
  only the ``editor`` user. If a different user (or the anonymous
  user) invokes it, a login form will be displayed. Supplying the
  credentials with the username ``editor``, password ``editor`` will
  display the edit page form.

- ``http://localhost:6543/add_page/SomePageName``
  invokes the add view for a page. It is executable by only
  the ``editor`` user. If a different user (or the anonymous user)
  invokes it, a login form will be displayed. Supplying the
  credentials with the username ``editor``, password ``editor`` will
  display the edit page form.

- After logging in (as a result of hitting an edit or add page
  and submitting the login form with the ``editor``
  credentials), we'll see a Logout link in the upper right hand
  corner. When we click it, we're logged out, and redirected
  back to the front page.