I'm building a webapp and needed to choose between Django and Pyramid. I decided to go with Pyramid.
I understand Pyramid comes with its own authentication/authorization framework which looks nice. But I haven't seen anywhere in Pyramid where users/groups/permissions are defined. In Django these things come for free.
I'm using SQLAlchemy and was wondering if there are similar users/groups/permissions already built that I can import. I'd rather not define these objects/mappings and hash/salting of passwords myself.
Django's definitions of these things are pretty much all I need.
Can anyone point me to something I can use? Or do I need to roll my own?
Pyramid has a much more flexible authentication system. And yes, if you want something simple like Django's user/group/permission concept, then flexible might be scary.
Pyramid does not have a "User" object, as it makes no assumptions about how you store your data or what ORM you use, therefore there isn't something for you like contrib.auth. You will need to hash/salt the passwords yourself using a library such as cryptacular or passlib, both found on PyPI.
As far as wanting user/group/permissions within Pyramid's system, this is achievable pretty simply by defining a RootFactory that has an __acl__ that maps groups to permissions. Permissions are assigned to views, thus are pretty static usually. If you'd like the groups (what Pyramid calls "principals") to be dynamic that is also achievable.
I'd suggest looking at the Pyramid wiki2 tutorial, as well as the shootout demo.
There are also a couple third-party packages for assisting with authorization within Pyramid if you plan to be using SQLAlchemy. apex is a more full stack solution, and ziggurat_foundations is a lower-level layer above SQLAlchemy to help you set up users and groups for your application.
Your question is fairly high level and authorization is a "hard problem", so I'll stop here and avoid regurgitating the tutorials and resources that already exist from the Pyramid tutorials to several third-party examples. If you have any specific questions please feel free to ask those in another question.
Related
I am new to learning Python for web development and have decided to go with Flask as my framework of choice as of now. I have chosen this primarily for its bare-bones approach on web development and I want to make as much of my web app custom and on my own as possible. I have made a very basic MVC framework in PHP and would like to make something like this in Python. I was researching some ways to interact with a database and add user login/register support and my original thoughts were that I wanted to do this all custom with my own methods and objects and what not. Similar to how I have done in PHP, so I can learn as much about developing my own back-end efficiently for long term production projects. In some research I found the basic objects in Flask such as Login Manager, Login-Form and Flask-Admin, etc. I don't like the idea of using these nicely packaged things that I have very little control over and have not dev'd custom.
Using that kind of stuff I also feel that I am not learning how all of that stuff works on the lowest level so I could not reproduce some of the benefits they are giving me later on in life when project circumstances change and maximum flexibility, customization, maintainability, and efficiency is needed. Obviously I am not in that position right now, but I DO know how to write this back end stuff in PHP and am just wondering if that means anything as far as managing sessions and Authentication on my own in Python/Flask, or if my thinking is totally out of context and it's not even close to managing the same stuff.
It is a really great idea to learn how authentication works at a low level -- it's particularly important as many people never learn this stuff, and it's quite interesting!
What I'd recommend you do is take a look at the official Flask tutorial (http://flask.pocoo.org/docs/0.10/tutorial/), as it covers a lot of this (working directly with sessions, etc.).
What I would not recommend, however, is using this sort of thing in production.
Using your own authentication code is almost never a good idea -- it's much better to rely on a well supported library that has been audited by other people for security issues.
In the Flask world you've got a couple choices:
Flask-Login: https://flask-login.readthedocs.org/en/latest/
Flask-Security: https://pythonhosted.org/Flask-Security/
Flask-Stormpath: http://flask-stormpath.readthedocs.org/en/latest/
Of those 3, I really like Flask-Stormpath -- but I'm super biased as I wrote it =)
Flask-Stormpath supports the widest array of customization / etc., and allows you to do whatever you want with it.
Hope that helps!
The official Flask docs have some app examples. One of them is MiniTwit, a micro Twitter clone. As it is a complete app, you could find much of what you're looking for. If you want to make something greater, try the Full Stack Python Flask tutorial.
I have developed multi-tenant SaaS apps in PHP/Laravel, but recently I had a challenge to develop one in Django/Python. I am still learning Django though and I really like Django REST framework (DRF). But I have difficulty figuring out the areas highlighted below. If someone can shed some light, I will be good to go:
1. How to handle subdomains/domains and selecting the right tenant db
2. How to manage and dynamically handle different databases in Django
3. Can a multi-tenant app's backend still be managed from the Django admin interface
4. I will be using queues and other app scaling techniques, need tips and tricks if any
5. Any example out there
6. Any challenges experienced when developing SaaS through Django
Well...
1. django-subdomains
2. There are people who asked in SO questions about dynamic databases in django (including, ahem... me). I'm not entirely sure I understood what you mean by "dynamically handle different database" so I guess just go to the links I just mentioned and pick out the best one for your project. (also - perhaps this is more relevant?)
3. Check out django-multitenant-schemas and this answer too.
4. There was a video of the guys behind Disqus (one of the largest django apps in the world) explaining how they handle scaling. Here is another interesting article on the subject. Also, the legendary SO question Does Django Scale.
5. (and 6.) Check out this answer
I hope that's detailed enough. I know this might be a disappointing only-links answer, but this is the reality of it - Django is a newer framework, and web development with python is still less common than php. With that in mind, understand that for all the awesomeness of django (and it is awesome), with more complex needs there's more you'll have to do yourself.
In this case, you'll have to figure out how to do each part of the way separately and then combine it all. You can easily find a way to create a REST django app for example, but then you'll need to figure out how to combine it with another package (such as the above subdomains).
You can find a million examples out there of people doing freaky things with django. It's really powerful (when I learned about dynamic models I was blown away). But the more complex your app, the more you'll need to do yourself.
Pick it up, one step at a time, and come back to SO with specific issues you're having (or the django users google group). Good luck!
Any pointers, advice on implementing a REST API on App Engine with Python? Using webapp for the application itself.
What I currently know is that I can:
hack up my own webapp handlers for handling REST-like URIs, but this seems to lose its elegance for larger amounts of resources. I mean, it's simple when it comes to temperature/atlanta, but not so much* for even a rather simple /users/alice/address/work (though do keep in mind that I'm not saying this after having implemented that, just after spending some time trying to design an appropriate handler, so my perception may be off).
use the REST functionality provided by one of the bigger Python web frameworks out there. I have some unexplainable sympathy towards web2py, but, since it's not used for the project, bundling it with the application just to provide some REST functionality seems.. overkill?
(Huh, looks like I don't like any of these approaches. Tough.)
So here's me asking: what advice, preferably based on experience, would you have for me here? What are my options, is my view of them correct, did I miss something?
Thanks in advance.
I had a similar issue. Wanting to quickly get my DataStore exposed via REST to WebApps.
Found: AppEngine REST Server.
I have only used it lightly so far, but it certainly appears to be very useful with a small amount of work. And it does use webapp as you suggested.
ProtoRPC is bundled with the SDK, and it is robust and actively developed (however experimental). Although I think the source code itself is a little convoluted, the feature-set is pretty complete and it was made by someone with experience in creating this kind of library. It supports transmitting using JSON, ProtocolBuffer and URL-encoded formats.
Also, you can create APIs that work on the server side and client side -- it defines a 'message' protocol with implementations in Python and JavaScript. I used other "RESTful" Python libraries, but no other provided this consistency out of the box.
Here is the project page and here is the mailing list.
Edit: maybe their documentation is lacking some keywords, but just to be clear: one of the purposes of ProtoRPC is to provide a solid foundation to create REST services.
I'm looking at building a website using Web.py, and there is no built-in authentication system. Having read various things about authentication on websites, a common theme I keep hearing is "Don't roll your own, use someone else's." There are some examples of simple authentication on the site, like this one, but they all say at the bottom "Don't use this in production code."
So then, is there a generic authentication library for Python that I could use with Web.py? Or, is it really not that hard to roll my own?
If you can't find one easily, then probably discarding the advice and rolling your own is not a bad choice.
I don't think you'll find anything out of the box. The authentication system is coupled with and dependent on the architecture (in your case probably it is Web only). Having said that, it'll perhaps be easier to integrate django's authentication (django.contrib.auth) by putting some hooks here and there with web.py. Even then, it'll import a lot of django'ish ORM and other stuff behind the scenes, but it is definitely possible.
Try repoze.who / what - it's implemented as WSGI middleware, so should fit into your stack well.
I've been learning python for use in ArcGIS and some other non-web applications. However, now that I've taken on building a personal website I am interested in using it for web development (as it is the only scripting language I currently know).
I've noticed that there are a lot of these things called "frameworks", such as Django. From what I understand they are just a collection of packages to save you from re-inventing the wheel but I don't really know how they work.
Furthermore, I do not like GUIs, if I need a framework I would like to find one that could be used through a terminal, starts out simple and can be scaled for more complexity when I'm ready. Any advice or ideas on frameworks and why I would want to use one?
The Python web frameworks have nothing to do with GUIs, and can all be used via the terminal.
The benefits of a framework, as you say, are all to do with making your life easier by supplying the components you need to build a website: the main ones are database interaction through an ORM, a templating system, and URL routing. On top of that, the big frameworks also included optional extras like user authentication, administration interface, and so on.
Personally I like Django, but your mileage may vary: I would say, though, that whatever you do with Python and the web will require some sort of framework, even if it's one of the absolute minimal ones like Flask which basically do just the routing part. There's simply no point in writing all this stuff from scratch when it's been done for you.
I'd second the post above: Django is a great framework and will save you loads of time in the long run.
Pretty much every challenge you'll come across when writing a web application will already have been solved, e.g. How do I send emails? What about an admin interface to edit the data? User security?
In my view picking the best framework is all about the ecosystem around that framework. How well used is it? Is it discussed widely on the internet? Have others encountered, and solved, the problems I'm facing?
In terms of where you start, see the Django Tutorial here:
http://docs.djangoproject.com/en/1.2/intro/tutorial01/
If you think Django offers you too much, I'd recommend that you take a look at CherryPy just to compare the different, and much simpler, approach.
With Python, you've got lots of options. To start, I would recommend looking here -- it explains the basics and provides a fairly complete list of frameworks.
If you're looking for something that starts out simple but can also handle more complexity, then you should take a look at web2py. It requires no installation or configuration, has no dependencies, and includes a web server and a relational database. It also includes an optional web-based integrated development environment and admin interface, but you can work through the terminal instead if you prefer.
It's very easy to learn and was designed for ease of use, faster development, and security. You can get a lot done with very little code thanks to the included scaffolding app along with many sensible default behaviors. As things get more complex, web2py can handle it, as it is a well-integrated full-stack framework with lots of built-in functionality, including a database abstraction layer, form handling and validation, access control, web services, and easy Ajax integration.
Personally, I don't use any framework, I write either from scratch on BaseHTTPServer, or using WSGI (with mod_wsgi).
It is a bit long to write the skeleton, but I think it is faster (I mean at runtime), there are fewer constraints, and there is less to learn.