I have a pyramid project using the formalchemy admin interface. I added the basic ACL authentication and the pyramid_formalchemy plugin always denys even though I am authenticated.
Any thoughts on how only allow authenticated users to use the pyramid_formalchemy admin interface?
The authorization policy was add like this:
authn_policy = AuthTktAuthenticationPolicy('MYhiddenSECRET', callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config = Configurator( settings=settings, root_factory='package.auth.RootFactory', authentication_policy=authn_policy, authorization_policy=authz_policy ) # pyramid_formalchemy's configuration config.include('pyramid_formalchemy') config.include('fa.jquery') config.formalchemy_admin('admin', package='package', view='fa.jquery.pyramid.ModelView')
pyramid_formalchemy
uses the permissions'view', 'edit', 'delete', 'new'
to determine who can do what. The__acl__
is propagated down from your SQLAlchemy model object. Thus, you need to put an__acl__
on each of your model objects allowing your desired groups access to those permissions. For example, from thepyramid_formalchemy
pyramidapp
example project:Of course, if you do not supply an
__acl__
then it will look in the lineage of the resource tree until it hits thefactory
. By default,pyramid_formalchemy
defines its own factorypyramid_formalchemy.resources.Models
, however you can subclass this and provide an__acl__
to it, as a global for all of your models: