Message from discussion Problems with AuthKit (was: Django or Pylons - comparison details)
Date: Wed, 10 Dec 2008 09:05:55 -0800 (PST)
Subject: Re: Problems with AuthKit (was: Django or Pylons - comparison
From: James Gardner <ja...@pythonweb.org>
To: pylons-discuss <firstname.lastname@example.org>
Just to add to what Dalius has said...
> > a) the author of authkit is never around
I am occasionally ;-)
> > b) authkit is way over complicated
Agreed, but authentication and authorisation *is* complicated and
there are lots of different use cases.
> > c) authkit sucks in other ways
> > d) all of the above.
> This is unfortunately very true. I looked at AuthKit for possible
> inclusion in a project of mine, but it's complicated in areas it
> doesn't need to be, very basic in other areas, and not very flexible.
> In the end I wrote my own authorisation and authentication system.
AuthKit tries to be a flexible basis for your own system. Sometimes it
is easier to create your own system than to base it on AuthKit; I
don't have a problem with that.
> These are the things I wanted in my auth+auth system:
> - Customisable table names
> - Users, Roles and Permissions
> - Hide/show menu items pulled from the DB, based on permissions
> - Enable/disable links, based on permissions
> - Hide/show sections of pages, based on permissions
> - User access to pages/methods, based on permissions
> - Fairly simple access checking
AuthKit can help with all these things apart from Customisable table
names but it doesn't provide a GUI admin system which seems to be what
you are after?
> I haven't gotten the "access to pages/methods" going yet (not 100%
> sure how to implement it yet), but I have the rest of the stuff
> Some of the reasons why I couldn't use AuthKit:
> - Users/Groups far too limited (no "permissions")
> - No way to show/hide page elements based on permissions
> - No way to show/hide menu items pulled from the DB based on permissions
> - Too rigid
That's not really true is it? Have you seen this:
There are permissions for all sorts of things to do with roles,
groups, IP addresses, time of day etc etc. The permissions system is
designed in such a way that you can create your own permissions too if
the defaults don't fit your needs.
% if authorized(RemoteUser()):
<a href="/signed_in">Click here</a>.
% else:
<a href="/not_signed_in">Click here</a>.
% endif
Good luck with your implementation anyway.
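
The permission-object design discussed in the message above (composable checks for sign-in, roles and IP addresses, plus a boolean helper for showing or hiding links), as an added stand-alone sketch. It is not AuthKit's code or API and is not from the original message: the names `RemoteUser` and `authorized` are borrowed from the template snippet, while every other class, the `example.roles` environ key and the sample request are assumptions made for illustration.

```python
import ipaddress

class NotAuthenticated(Exception): pass   # no identity yet: prompt for sign-in
class NotAuthorized(Exception): pass      # identity known, access refused

class Permission:
    def check(self, environ):             # subclasses raise to deny
        raise NotImplementedError
    def __and__(self, other):             # a & b requires both to pass
        return All(self, other)

class All(Permission):
    def __init__(self, *perms):
        self.perms = perms
    def check(self, environ):
        for perm in self.perms:
            perm.check(environ)

class RemoteUser(Permission):
    def check(self, environ):
        if not environ.get("REMOTE_USER"):
            raise NotAuthenticated("sign-in required")

class HasRole(Permission):                # reads the assumed key "example.roles"
    def __init__(self, role):
        self.role = role
    def check(self, environ):
        RemoteUser().check(environ)
        if self.role not in environ.get("example.roles", ()):
            raise NotAuthorized("missing role " + self.role)

class FromNetwork(Permission):            # site-specific permission added later
    def __init__(self, cidr):
        self.net = ipaddress.ip_network(cidr)
    def check(self, environ):
        try:
            addr = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:                # absent or malformed: deny
            raise NotAuthorized("no usable client address")
        if addr not in self.net:
            raise NotAuthorized("address outside " + str(self.net))

def authorized(permission, environ):      # boolean form for templates
    try:
        permission.check(environ)
    except (NotAuthenticated, NotAuthorized):
        return False
    return True

SAMPLE_ENVIRON = {"REMOTE_USER": "alice", "example.roles": ("editor",), "REMOTE_ADDR": "192.0.2.10"}  # constructed
```

`authorized()` only decides what a page displays; the same permission object still has to be checked on the controller or action that serves the link target, since hiding a link does not restrict access to it.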