I think I posted this on the wrong forum. I"m going to post it on the other forum, sorry about that!
On Oct 20, 11:06 pm, killer barney <[EMAIL PROTECTED]> wrote: > Loving django 1.0! > > But one thing I notice they don't seem to have is security trimming > (where you can hide certain links based on the role permissions of a > user) or any sort of roles security. Is there any solid way at going > about this that already exists in the django framework or is this > something we have to code up ourselves? I was thinking about it and > I've come up with a few possible directions. > > 1) Make an inherited request object and then running a function that > checks for proper permissions everytime a secure page is accessed. > I've seen some places do this, but it seems pretty cumbersome and > violates the DRY philosophy > > 2) Another idea is to edit the app.yaml to make sure login is required > for a certain colleciton of pages, but what if you have multiple > roles? That doesnt solve what roles can access what funcitons. And if > different roles can see different things on a page, that doesn't solve > that either. So security trimming is still an issue > > 3) Another thing I'm considering is making a custom template tag that > maybe checks for security based on url. This may be pretty tough, but > seems the most viable in doing security trimming at the very least. > Are there any better approaches to this? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
