Having settled on OpenID for authentication, I've been looking at authorisation frameworks for app-engine with the following requirements:
- be able to create and edit groups of users
- has built in permissions such as add, edit, delete
- has sensible defaults, e.g creator of an object can edit / delete but others can't
knowing enough to know that security permissions are a bad idea to self implement without a massive brain, i've been reading through django http://docs.djangoproject.com/en/dev/topics/a开发者_如何学Cuth/ and tipfy http://www.tipfy.org/wiki/extensions/acl/ to choose one that has already been cooking in the oven for a while.
It's not obvious which will be easier / more extensible so I was hoping to be able to call on experience, recommendations or other suggestions to make a sensible decision?
Based on that there are a lot of problems with django ORM and Google app engine datastore, and http://www.tipfy.org/ says that it is made specifically for Google App Engine I must suggest typfy.
2 pretty good frameworks I tried that have authorisation are GAEFramework and web2py. They are both easier to get started with than tipfy. I hope you like these.
精彩评论