User Authentication in Pyramid

Question

I'm building a webapp and needed to choose between Django and Pyramid. I decided to go with Pyramid.

I understand Pyramid comes with its own authentication/authorization framework which looks nice. But I haven't seen anywhere in Pyramid where users/groups/permissions are defined. In Django these things come for free.

I'm using SQLAlchemy and was wondering if there are similar users/groups/permissions already built that I can import. I'd rather not define these objects/mappings and hash/salting of passwords myself.

Django's definitions of these things are pretty much all I need.

Can anyone point my to something I can use? Or do I need to roll my own?

Answer 1

Pyramid has a much more flexible authentication system. And yes, if you want something simple like Django's user/group/permission concept, then flexible might be scary.

Pyramid does not have a "User" object, as it makes no assumptions about how you store your data or what ORM you use, therefore there isn't something for you like contrib.auth. You will need to hash/salt the passwords yourself using a library such as cryptacular or passlib, both found on PYPI.

As far as wanting user/group/permissions within Pyramid's system, this is achievable pretty simply by defining a RootFactory that has an __acl__ that maps groups to permissions. Permissions are assigned to views, thus are pretty static usually. If you'd like the groups (what Pyramid calls "principals") to be dynamic that is also achievable.

I'd suggest looking at the Pyramid wiki2 tutorial, as well as the shootout demo.

There are also a couple third-party packages for assisting with authorization within Pyramid if you plan to be using SQLAlchemy. apex is a more full stack solution, and ziggurat_foundations is a lower-level layer above SQLAlchemy to help you set up users and groups for your application.

Your question is fairly high level and authorization is a "hard problem", so I'll stop here and avoid regurgitating the tutorials and resources that already exist from the Pyramid tutorials to several third-party examples. If you have any specific questions please feel free to ask those in another question.