The conceptual problem that I have is the following: Let's say that I have an Admin resource, somewhere in my resource tree, that only members of the admin group can view. I've set up authentication and ACL and all that, and non-admin users get a friendly 403 message if they try to access that resource.
However, I would prefer to make sure that my base template doesn't contain a link to the admin page if the user is not part of the admin group, which is a better UI pattern (don't show users options that don't apply to them).

How would I implement that in Pyramid? Does the Authentication/Authorization layer allow me to query if the current user has a particular permission on a resource/view that is not the current one? In my example, how can I make sure that the user has permission to access "/admin" while rendering the template for "/" so I can include the admin menu item or not?

Ideally I'm looking for some sort of GET_URL_PERMISSION("/admin", "view") function that I could call from the template and pass a URL and permission request that would return a boolean.

Disclaimer: I'm using traversal and delegate ACLs at various levels in the tree.

oO
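A sketch of the check asked about above, added here as an example and not part of the original post or Pyramid's own code: a plain-Python model of traversal plus ACL inheritance, where the first matching ACE wins while walking from the target resource up to the root. In Pyramid itself the corresponding calls are pyramid.traversal.find_resource and has_permission; the Resource class, the menu_for helper and the sample tree are assumptions made for the illustration.

```python
# Minimal model of Pyramid-style traversal + ACL inheritance (not Pyramid itself).
ALLOW, DENY = "Allow", "Deny"
EVERYONE = "system.Everyone"


class Resource(dict):
    """Tree node: children by name, optional __acl__, link to its parent."""

    def __init__(self, acl=None):
        super().__init__()
        self.__parent__ = None
        if acl is not None:
            self.__acl__ = acl

    def add(self, name, child):
        child.__parent__ = self
        self[name] = child
        return child


def find_resource(root, path):
    """Walk the tree by path segments; raises KeyError on a missing segment."""
    node = root
    for segment in filter(None, path.split("/")):
        node = node[segment]
    return node


def has_permission(root, path, permission, principals):
    """Check a resource other than the current context; default is deny."""
    principals = set(principals) | {EVERYONE}
    try:
        node = find_resource(root, path)
    except KeyError:
        return False
    while node is not None:  # target first, then each ancestor
        for action, principal, perms in getattr(node, "__acl__", ()):
            if principal in principals and permission in perms:
                return action == ALLOW  # first matching ACE decides
        node = node.__parent__
    return False


# Constructed sample tree. Without the DENY entry, "/admin" would inherit
# the root's public "view" grant and the link would show for everyone.
root = Resource(acl=[(ALLOW, EVERYONE, ("view",))])
root.add("admin", Resource(acl=[(ALLOW, "group:admin", ("view",)),
                                (DENY, EVERYONE, ("view",))]))
root.add("about", Resource())  # no ACL of its own: inherits from root


def menu_for(principals):
    """Links the base template for "/" would render for these principals."""
    return [p for p in ("/", "/about", "/admin")
            if has_permission(root, p, "view", principals)]
```

Hiding the link only changes what is rendered; the permission on the admin view itself remains the enforcement point.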
