TurboGears provides the identity module for easy authentication/authorization in your web applications.
You can restrict access to a particular method with @require(identity.not_anonymous) or any combination of the identity checks.
Identity also provides a special controller class (SecureResource) that enables you to protect that class and all its methods with a single require=identity.not_anonymous.
You don't have to rely on your controller to provide all the variables in your Kid templates; you can import anything you need using the <?python ?> syntax Kid provides.
It's easy to create pop-up forms with a little bit of JavaScript. But unless you submit them to the server asynchronously, this isn't quite Ajax yet. We get to Ajax more in Chapter 9, "Ajax and WhatWhat Projects."
If you want to use validators without widgets, you can use the @validate decorator and set up a dictionary of validators to match the names of the fields that are coming in from the form.
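The difference between per-method @require and a class-wide require= on SecureResource, as an added example that is not TurboGears code or code from the book: a method added without its decorator stays reachable by anonymous users, while the class-level check covers every method. Assumptions: `require`, `not_anonymous`, `SecureResource` and `IdentityFailure` here are minimal stand-ins written for this sketch, `_current` and `reachable` are hypothetical helpers, and denying everything when no predicate is set is a choice made for the example.

```python
# Minimal stand-ins written for this example; not TurboGears' implementation.
_current = {"user": None}  # constructed request identity; None = anonymous

class IdentityFailure(Exception): pass  # request failed the identity check

def not_anonymous():
    return _current["user"] is not None

def require(predicate):
    # Per-method guard: only methods that carry the decorator are checked.
    def decorate(func):
        def guarded(*args, **kwargs):
            if not predicate():
                raise IdentityFailure(func.__name__)
            return func(*args, **kwargs)
        return guarded
    return decorate

class SecureResource:
    """Class-wide guard: every public method is checked against `require`."""
    require = None  # assumption for this sketch: no predicate means deny

    def __getattribute__(self, name):
        value = object.__getattribute__(self, name)
        if name.startswith("_") or name == "require" or not callable(value):
            return value
        predicate = type(self).require  # plain function, not a bound method
        if predicate is None or not predicate():
            raise IdentityFailure(name)
        return value

class PerMethod:
    @require(not_anonymous)
    def edit(self): return "edit"
    def delete(self): return "delete"  # decorator forgotten: stays open

class Locked(SecureResource):
    require = not_anonymous
    def edit(self): return "edit"
    def delete(self): return "delete"  # covered by the class-level check

def reachable(controller, user=None):
    # Names of the methods the given user (None = anonymous) can call.
    _current["user"] = user
    allowed = []
    for name in ("edit", "delete"):
        try:
            getattr(controller, name)()
        except IdentityFailure:
            continue
        allowed.append(name)
    return allowed
```

Calling `reachable(PerMethod())` lists the method whose decorator was forgotten, which makes the same loop usable as a quick audit of which controller methods an anonymous request can reach.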