This document describes the basics of repoze.what, including its terminology and how to configure authentication and authorization easily.
As explained previously, repoze.what's base authorization pattern is based on the groups to which the user belongs and the permissions granted to those groups. Groups and permissions can be stored in different types of sources, so repoze.what uses generic terminology when it deals with those sources:
The authentication framework (repoze.who) only deals with the sources that handle your users’ credentials, while the authorization framework (repoze.what) deals with both the sources that handle your groups and those that handle your permissions.
Below are the contents of a mock .htgroups file that defines the groups of an application. In other words, such a file is a group source of type htgroups:
    developers: rms, linus, guido
    admins: rms, linus
    users: gustavo, maribel
It has three sections and five items: “developers” (made up of the items “rms”, “linus” and “guido”), “admins” (made up of the items “rms” and “linus”) and “users” (made up of the items “gustavo” and “maribel”).
And below are the contents of a mock .ini file that defines the permissions of the groups in an application. In other words, such a file is a permission source of type Ini:
    [manage-site]
    admins

    [release-software]
    admins
    developers

    [contact-us]
    users
It has three sections and three items: “manage-site” (made up of one item, “admins”), “release-software” (made up of the items “admins” and “developers”) and “contact-us” (made up of the item “users”).
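The two mock files above can be read into the same section/items shape and combined to answer "which permissions does this user hold?". The following is an added example, not code from repoze.what or its source adapters; the function names are hypothetical and the file contents are the mock ones shown above.

```python
# Added example: minimal readers for the two mock sources above.
# Function names are hypothetical; this is not repoze.what's adapter API.

HTGROUPS = """\
developers: rms, linus, guido
admins: rms, linus
users: gustavo, maribel
"""

PERMISSIONS_INI = """\
[manage-site]
admins
[release-software]
admins
developers
[contact-us]
users
"""

def parse_htgroups(text):
    """Group source: {section (group name): set of items (user names)}."""
    sections = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, members = line.partition(":")
        sections[name.strip()] = {m.strip() for m in members.split(",") if m.strip()}
    return sections

def parse_permissions_ini(text):
    """Permission source: {section (permission): set of items (group names)}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, set())
        elif current is not None:  # items before any section header are ignored
            sections[current].add(line)
    return sections

def permissions_for(user, groups, permissions):
    """Permissions held through group membership; empty set means deny."""
    member_of = {g for g, users in groups.items() if user in users}
    return {p for p, granted in permissions.items() if granted & member_of}
```

A user who appears in no group section, such as a name absent from the group source, resolves to an empty permission set, so nothing is granted by default.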
If you use a database to store your users, groups and permissions, then such a database is both the group and permission source:
- The tables where you store your groups and users are the sections and the section items, respectively, of the group source.
- The tables where you store your permissions and groups are the sections and the section items, respectively, of the permission source.