[Twisted-web] Role-based security authorization
Jacek Furmankiewicz
jacek99 at gmail.com
Tue Sep 6 10:46:30 EDT 2011
While reading up the docs on Twisted security and HTTP auth, it seems they
are all geared towards pure authentication,
but don't address the authorization part.
For example, in our other apps we often have a security setup like this
a) users with READ_ONLY_ROLE can only access GET endpoints
b) users with READ_WRITE_ROLE can access GET, POST, PUT, DELETE endpoints
Is there any existing Twisted-based projects that provides a role-based
authorization framework on top of the core Twisted authentication APIs?
It would need a custom Avator with roles attached to it (fetched from DB or
elsewhere)
Thanks
Jacek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://twistedmatrix.com/pipermail/twisted-web/attachments/20110906/99ba84f0/attachment.htm
More information about the Twisted-web
mailing list