Identity Management

Overview

Many database-driven web applications need to identify users. For example, you log in to access your Gmail account, or to use Amazon bookstore services. TurboGears therefore provides an identity system that you can use in your applications. This system supports both authentication (who is the user?) and authorization (which rights does the user have?) features, and allows role-based access control by assigning users to groups.

You use identity decorators to require user authentication and to authorize specific accesses:

class Root(controllers.RootController):
    @expose()
    @identity.require(identity.in_group('admin'))
    def index(self):
        ...

The Role of Identity Management

You can use identity management in both controllers and templates:

  • In the controllers you specify the access restrictions on particular resources.
  • In the templates you can adapt the appearance and include or exclude content based on the user’s identity.