Edward F. Long, Jr.
Thu, 16 Sep 2010 12:29:16 -0700
Hello: I'm trying to use the zope security/permission model to restrict access to certain fields in an interface based on the permission of the person making the request.
I've taken a look at how launchpad does permissions, and its not immediately
clear on how to get this working
Could you give me some pointers in how to get started...
here's an example of what i'm trying to do:
our exposed Account entry resource has 3 fields (everything is read only)
public_foo
restricted_bar
restricted_baz
We have 2 roles, public and restricted.
public will only display 'public_foo'
restricted will display 'public_foo', as well as 'restricted_bar', and
'restricted_baz'
based on what I saw in launchpad, id expect our ZCML to look something like
this:
<permission id="api.permissions.Public" title="Public view
(Read-only)." />
<permission id="api.permissions.Restricted" title="Restricted view
(Read-Only)." />
<securityPolicy component="sylph.security.SecurityPolicy" />
<class class="core_models.models.account.Account">
<allow interface="sylph.interfaces.IAccount"
<require permission="api.permissions.Restricted"
interface="sylph.interfaces.IAccountRestricted" />
</class>
Any suggestions would be greatly appreciated.
Thanks
Edward F. Long, Jr.
Web Developer
AWeber Communications
x748
Programmer: (n)
1: a multi-cellular organism that can convert caffeine into computer code
(see also: geek)
_______________________________________________
Mailing list: https://launchpad.net/~lazr-users
Post to : lazr-users@lists.launchpad.net
Unsubscribe : https://launchpad.net/~lazr-users
More help : https://help.launchpad.net/ListHelp