-
Notifications
You must be signed in to change notification settings - Fork 11
/
TODO.txt
58 lines (36 loc) · 1.32 KB
/
TODO.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
- docs
- minumum requirements:
- flask.ext.login.LoginManager
- a "login" entrypoint
- a SECRET_KEY
- tests
- write some examples
- AuthxManager.route_acl could be enforced via a central view checker,
not by a wrapper, but this could be bypassed by other before_request handlers.
The current method can already be bypassed... I guess it is up to the user to
deal with those bypasses.
- ACE parsing should be able to pick up arguments to predicates:
"ALLOW ROLE('something') ANY" or
"ALLOW ROLE.something ANY" or
('ALLOW', Role('wheel'), 'ANY')
- Figure out what to do about ANY/ALL.
- Should we have a mechanism for an ACL being different on a class vs its
instance, or should we do that via a @classproperty?
@classproperty
def __acl__(cls, self):
'''self may be None'''
Put the predicate context onto a Flask stack proxy?
from flask.ext.acl import predicate_context
@auth.predicate('ROOT')
define Root(user, **ctx):
return 'wheel' in getattr(user, 'roles', set())
- Permission checks via functions too?
@auth.permission('ANY'):
define AnyPermission(permission):
return True
Or, treat different types differently:
use for:
delete -> delete, write, read
write -> write, read
read -> read
@flask.ext.acl.register_predicate