rest_gae
Implementation of class-based permission system
Implements #16 and fixes #18
Awesome implementation, dude! :-) I've written down some notes on the commit...
Also - we need to verify these changes don't mess up the users.py module (that it'll still operate normally).
I have tested with a trivial application that uses the users module, and it didn't break anything. That's not saying much though. I think we really need to address that test suite next.
This should address the temp code that was left behind, as well as allow single permission objects instead of requiring lists.
Looks like I totally neglected to implement this in users.py - I'll get that soon.
Another small comment - if doing a multi-PUT - there is no validation that the user actually owns those updated models (this check should somehow be done by the Permission instance)
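An added illustration of the check requested in the comment above; it is not part of the thread and not rest_gae's own code. The `OwnerPermission` class, its methods, `multi_put`, and the in-memory `store` dict standing in for the datastore are hypothetical names assumed for the example.

```python
# Added illustration: hypothetical names, not rest_gae's actual API.

class PermissionDenied(Exception):
    """Raised with the list of ids that failed the authorization check."""


class OwnerPermission(object):
    """Hypothetical permission object: allows writes only to models the user owns."""

    def __init__(self, owner_field="owner"):
        self.owner_field = owner_field

    def check_update(self, user_id, stored):
        # Ownership is read from the stored model, never from the request body.
        return stored.get(self.owner_field) == user_id

    def check_multi_put(self, user_id, store, updates):
        """Validate every item of a multi-PUT before anything is written."""
        denied = []
        for item in updates:
            stored = store.get(item.get("id"))
            # Unknown ids and models owned by someone else are treated alike,
            # so the response does not reveal which ids exist.
            if stored is None or not self.check_update(user_id, stored):
                denied.append(item.get("id"))
        if denied:
            raise PermissionDenied(denied)
        return updates


def multi_put(permission, user_id, store, updates):
    """Apply a batch update: all items pass the check or none is written."""
    for item in permission.check_multi_put(user_id, store, updates):
        current = store[item["id"]]
        merged = dict(current)
        merged.update(item)
        # The owner field cannot be reassigned through the update payload.
        merged[permission.owner_field] = current[permission.owner_field]
        store[item["id"]] = merged
    return [store[item["id"]] for item in updates]


# Constructed sample data: an in-memory dict stands in for the datastore.
SAMPLE_STORE = {
    1: {"id": 1, "owner": "alice", "title": "a"},
    2: {"id": 2, "owner": "bob", "title": "b"},
}
```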
Converting the user handler to use the permission system is going to take some time. I'm going to get some of it done tonight, but it may be a couple more days before I find the time to finish it.
This is going to be more work than I thought. The users handler embeds other routes within it, such as "me", "login", "verify", and "reset". To avoid lots of special cases, I'm going to break them out into separate routes and stuff them in a multi-route. After that is done, I may be able to use our regular rest handler for users, and get rid of a lot of duplicate code.
Hmmm, yeah - sorry for the work load :-/ Tell me if you want a hand in this