On Thu, 2011-03-03 at 14:46 -0800, oO wrote:
> The conceptual problems that I have is the following:
>
> Let's say that I have an Admin resource, somewhere in my resource
> tree, that only members of the admin group can view. I've setup
> authentication and ACL and all that, and non-admin users get a
> friendly 403 message if they tried to access that resource.
>
> However, I would prefer to make sure that my base template doesn't
> contain a link to the admin page if the user is not part of the admin
> group, which is a better UI pattern. (don't show users options that
> don't apply to them)
>
> How would I implement that in Pyramid? Does the Authentication/
> Authorization layer allow me to query if the current user has a
> particular permission on a resource/view that is not the current one?
> In my example, how can I make sure that the user has permission to
> access "/admin" while rendering the template for "/" so I can include
> the admin menu item or not?
pyramid.security.has_permission('permission_name', resource, request)
>
> Ideally I'm looking for some sort of GET_URL_PERMISSION( "/admin",
> "view") function that I could call from the template and pass a url
> and permission request that would return a boolean.
>
> Disclaimer: I'm using traversal and delegate ACL at various level in
> the tree.
>
> oO
>
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
