Problem description
I've been reading on the ways to implement authorization (and authentication) to my newly created Pyramid application. I keep bumping into the concept called "Resource". I am using python-couchdb in my application and not using RDBMS at all, hence no SQLAlchemy. If I create a Product object like so:
from couchdb import mapping

class Product(mapping.Document):
    item = mapping.TextField()
    name = mapping.TextField()
    sizes = mapping.ListField()
Can someone please tell me if this is also called the resource? I've been reading the entire documentation of Pyramid, but nowhere does it explain the term resource in plain simple English (maybe I'm just stupid). If this is the resource, does this mean I just stick my ACL stuff in here like so:
class Product(mapping.Document):
    __acl__ = [(Allow, AUTHENTICATED, 'view')]
    item = mapping.TextField()
    name = mapping.TextField()
    sizes = mapping.ListField()

    def __getitem__(self, key):
        return <something>
If I were to also use Traversal, does this mean I add the __getitem__ function in my python-couchdb Product class/resource?
Sorry, it's just really confusing with all the new terms (I came from Pylons 0.9.7).
Thanks.
Recommended answer
I think the piece you are missing is the traversal part. Is Product the resource? Well it depends on what your traversal produces, it could produce products.....
Perhaps it might be best to walk this through from the view back to how it gets configured when the application is created...
Here's a typical view.
from pyramid.view import view_config

@view_config(context=Product, permission="view")
def view_product(context, request):
    pass  # would do stuff
So this view gets called when context is an instance of Product. AND if the __acl__ attribute of that instance has the "view" permission. So how would an instance of Product become context?
This is where the magic of traversal comes in. The very logic of traversal is simply a dictionary of dictionaries. So one way that this could work for you is if you had a url like
/product/1
Somehow, some resource needs to be traversed by the segments of the url to determine a context so that a view can be determined. What if we had something like...
from pyramid.security import Allow, Everyone

class ProductContainer(object):
    """
    container = ProductContainer()
    container[1]
    >>> <Product(1)>
    """
    def __init__(self, request, name="product", parent=None):
        self.__name__ = name
        self.__parent__ = parent
        self._request = request

    def __getitem__(self, key):
        # db.get_product stands in for your own CouchDB lookup
        p = db.get_product(id=key)
        if not p:
            # KeyError tells traversal that no child exists under this name
            raise KeyError(key)
        else:
            p.__acl__ = [(Allow, Everyone, "view")]
            p.__name__ = key
            p.__parent__ = self
            return p
Now this is covered in the documentation and I'm attempting to boil it down to the basics you need to know. The ProductContainer is an object that behaves like a dictionary. The "__name__" and "__parent__" attributes are required by pyramid in order for the url generation methods to work right.
So now we have a resource that can be traversed. How do we tell pyramid to traverse ProductContainer? We do that through the Configurator object.
from pyramid.config import Configurator

config = Configurator()
config.add_route(name="product",
                 path="/product/*traverse",
                 factory=ProductContainer)
config.scan()
application = config.make_wsgi_app()
The factory parameter expects a callable and it hands it the current request. It just so happens that ProductContainer.__init__ will do that just fine.
This might seem a little much for such a simple example, but hopefully you can imagine the possibilities. This pattern allows for very granular permission models.
If you don't want/need a very granular permission model such as row level acl's you probably don't need traversal, instead you can use routes with a single root factory.
from pyramid.config import Configurator
from pyramid.security import Allow, Everyone
from pyramid.view import view_config

class RootFactory(object):
    def __init__(self, request):
        self._request = request
        self.__acl__ = [(Allow, Everyone, "view")]  # todo: add more acls

@view_config(permission="view", route_name="orders")
def view_product(context, request):
    order_id, product_id = request.matchdict["order_id"], request.matchdict["product_id"]
    pass  # do what you need to with the input, the security check already happened

config = Configurator(root_factory=RootFactory)
config.add_route(name="orders",
                 path="/order/{order_id}/products/{product_id}")
config.scan()
application = config.make_wsgi_app()
note: I did the code example from memory, obviously you need all the necessary imports etc. in other words this isn't going to work as a copy/paste
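
The lookup described in the answer, as an added example that is not part of the original answer and is not Pyramid's own code: a simplified pure-Python model of traversal resolving a context, followed by an ACL check that walks the __parent__ chain, which is what makes row-level ACLs work. The in-memory FAKE_DB, the owner field and the helper names are assumptions made for illustration.

```python
# Simplified model of traversal plus ACL evaluation (illustration only).
ALLOW, DENY = "Allow", "Deny"
EVERYONE, AUTHENTICATED = "system.Everyone", "system.Authenticated"

# Constructed sample data standing in for the CouchDB lookup in the answer.
FAKE_DB = {"1": {"name": "shirt", "owner": "alice"},
           "2": {"name": "hat", "owner": "bob"}}


class Product:
    def __init__(self, key, doc, parent):
        self.__name__, self.__parent__ = key, parent
        self.doc = doc
        # Row-level ACL: only the owner may edit this product.
        self.__acl__ = [(ALLOW, doc["owner"], "edit")]


class ProductContainer:
    def __init__(self):
        self.__name__, self.__parent__ = "product", None
        # Inherited by every child: anyone may view, nobody else may edit.
        self.__acl__ = [(ALLOW, EVERYONE, "view"), (DENY, EVERYONE, "edit")]

    def __getitem__(self, key):
        return Product(key, FAKE_DB[key], self)  # KeyError ends traversal


def traverse(root, path):
    """Walk URL segments with __getitem__; the last object found is the context."""
    context = root
    for segment in filter(None, path.split("/")):
        context = context[segment]
    return context


def permits(context, principals, permission):
    """Check ACLs from the context up its __parent__ chain; first matching ACE wins."""
    node = context
    while node is not None:
        for action, principal, perm in getattr(node, "__acl__", []):
            if principal in principals and perm == permission:
                return action == ALLOW
        node = node.__parent__
    return False  # no ACE matched anywhere: default deny


def principals_for(userid):
    """Anonymous requests carry only Everyone; logged-in users add their id."""
    return {EVERYONE} if userid is None else {EVERYONE, AUTHENTICATED, userid}
```

The order of the ACEs and of the lineage walk is the security-relevant part: the product's own Allow is seen before the container's Deny, so the owner can edit while every other principal falls through to the inherited Deny.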