I just built a little web application with flask and I want to manage users roles and accessibility to the endpoint according to their role etc and for that, I want to use something like acl (Access Control List) but I can't find anything useful or clear enough to understand.
I found flask-acl but the documentation is so poor, I found flask-simpleacl but I can't put my hands on any useful documentation.
I can't even find tutorials or examples about so can someone suggest a good useful flask extension or library for that or just point me to some documentation, examples or tutorials?
Thanks.
I ended up trying to use flask_principal as someone suggested to me here (but for some reason, they deleted their answer), it's great and helpful especially if you combine it with flask_login. So I hope this helps someone.
The only issue is if you want for example show/hide some content on your HTML pages based on the user's role, then you have to set it manually with session variables which is mostly going back to the start point (unless I'm missing something).
Good luck.
Related
I'm using a raspberry b+ to create some files that i would like to post on FB and Instagram (my account or any account).
I have a good industrial computer bckground but not for the "cloud" stuff.
I seen the libs for python to connect to facebook and to instagram.
(facebook-sdk, python-instagram).
I understand the code of the examples etc...
I'm just missing the context of where should I put this code to be able to interact with these "social media" sites.
Could it work just with a UPLOADER.py ?
Or do I need to set up like a webserver ? Do i need the Json.simple/google and so on ?
I understand if it's a dumb question, but I'm a bit lost...
Few "architectural" directions will do :). I'll get to understand the technical parts bymyself...
Thanks in advance!
Cheers,
Mat
You can set them up on "any" OS. Just make sure you have an internet connection. Also note, that those libraries wan't do anything unless you write the code. So you need to create a lightweight wrapper, that would pass credentials and triggers necessary functions, in a certain order. And that's pretty much it.
Could it work just with a UPLOADER.py ?
Not sure what you referring to.
Or do I need to set up like a webserver ?
No. You dont. It's not a requirements for the library.
Do i need the Json.simple/google
Take a look at the file called requirements.txt it provides a set of libraries you need to have in addition to the standart/builtin libs.
I think about writing a Python bot for a MoinMoin-based wiki, so if anyone is aware about some code sources I can use or re-use, please share a link.
If it were a MediaWiki-based robot, there is a Wikipedia page to take as a start.
The target wiki engine is MoinMoin 1.9.2 .
So far I have found a project based on xml-rpc approach and the editmoin utility.
I'd rather prefer the xml-rpc route, but my first understanding was that it may need applying a patch to the server, what is not an option.
So the second link at the moment looks more promising as a start.
Any hints and suggestions are welcome.
Edit : Should also take a look at wiki-xmlrpc-extensions (an example) .
I'm trying to integrate my MediaWiki site with some custom Python web applications. I have complete control over the MediaWiki server and am free to change the authentication plugin if needed. For the time being, I would like all users to login via a screen on the MediaWiki page (or at least they should believe they are, the whole process should be transparent to them).
In general, I would prefer not to completely write my own authentication code, but I don't mind doing some minor adapting.
I'm looking for some advice from people who have done something like this before, my questions are:
I know absolutely nothing about LDAP, but it seems rather commonly supported with various plugins for MediaWiki and Python. Is it best to have a central LDAP server, and then force all applications to authenticate here?
As compared to the above, what are the downsides of just reading from the wiki database, and comparing to see if the shared-secret from the user's cookie match, and then assuming they are logged in?
Is it advisable to use openID for a situation like this? What are some of the downsides?
This might seem obvious but have you seen the LDAP Authentication extension? We used it (with some modifications) and it works well.
You can also use in combination with e.g. Lockdown.
So my (limited) answers to your questions are:
Yes (I can't think why you would not want it in one place).
One downside is if users move groups / authentication. They need manually to delete their cookies, which can cause headaches for people supporting the wiki.
Sorry, don't know that one.
Hope this limited answer helps.
I'm developing an advertising site and want to use web services for the requests. I mean, a publisher site will put a JavaScript snippet and it will pull a banner through a REST GET.
Is the django-piston framework mature enough to implement this functionality?
I've been looking into finding the "best" Django REST package and came across this table, which is useful:
http://www.djangopackages.com/grids/g/api/
At this point (mid-2011) Django-Tastypie is the clear winner for number of authors, updated codebase, documentation, and overall activity.
EDIT, Jan.2012: I think the two leading contenders are now Django-Tastypie, and also, Django-REST-framework. The latter has a really useful feature of web-browsable APIs, which I've yet to see in other packages.
I am currently using it and it's good enough for my needs, which are fairly simple (mostly just an easy way to set up a read-only API for model data). I do have a couple of criticisms:
It doesn't seem that jespern, the code's creator, is doing much in response to issues posted to bitbucket. Possibly an unfair criticism, and activity in the django-piston Google Group. Still it's frustrating to post an issue and encounter zero response whatsoever.
It appears there are some inconsistencies or errors in the coding. For example, this issue that I posted. (I may pursue it further in the group).
I can't answer "is it mature enough." We are still evaluating our options ourselves.
However, you might want to check out these:
http://github.com/toastdriven/django-tastypie -- perhaps an up and coming competitor to piston.
http://ericholscher.com/blog/2009/nov/11/large-problems-django-mostly-solved-rest-api/
Django is certainly mature enough. It's powering more than a dozen high-profile sites in production. Piston on the other hand, I wouldn't know, except for bitbucket.org. I don't know of any other "high-profile" sites that use it. It doesn't sound like you need a complex framework on top of Django just to handle REST. You could easily implement a RESTful service on top of Django without using any other specific library.
I want to learn it but I have no idea where to start. Everything out there suggests reading the libpurple source but I don't think I understand enough c to really get a grasp of it.
There isn't much about it yet... the intro, the howto, and the sources (here browsing them online but of course you can git clone them) are about it. In particular, the tiny example client you can get from here does have some miniscule example of use of purple's facilities (definitely not enough, but maybe it can get you started with the help of some 'dir', 'help' and the like...?)
Not sure how much help this will be but based on information from here, it seems like you just install python-purple and import and call the functions as normal Python functions.
Can't help you with a concrete example as I decided to use something else. However, one of the first things I wanted to do after I cloned the repo was remove the ecore dependency. Here's a patch submitted to the mailing list to do just that: https://garage.maemo.org/pipermail/python-purple-devel/2009-March/000000.html
Incidentally, if you're looking for AIM take a look at twisted.words. For Yahoo, trying getting the source for curphoo or zinc (both are console YMSG clients). For GTalk/Jabber, I've had good experiences with xmpppy.