I have a scenario where I need to expose/remove fields in a form based on
user permission. However since I have a general purpose series of views (
CRUD pattern), my view code doesn't really know if this particular schema
will need to have fields added or not. Currently my architecture is as
follow:
class ResourceSchema():
field = ...
class ResourceObject():
schema = ResourceSchema
def create_validator():
...
def edit_validator():
...
def edit_view(request):
context = request.context
schema = context.schema(validator = context.edit_valitator).bind(
context=context )
form = deform.Form(schema, buttons=['cancel', 'update'] )
....
This way I have a series of generic views that know how to
create/view/edit/delete resources, but the mechanism as to what and how it
is done is part of the resource definition, not the views.
Within that pattern, I'm wondering where I would be able to have a defered
callback at the top-level, where I would be able to add or remove fields
based on permission.
For example, my User resource has a schema node for permissions, which only
administrators should be able to see and modify, but regular users still
need to be able to see and edit all the other fields.
As I'm writing this, I thought that a valid workaround would be to change my
Resource.schema from a property to a method, and I could do all that work
within the callable at the Resource level, before the schema is returned to
the view. Is there another way to approach the problem?
oO
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
