I would consider it a feature to /not/ tell the user why they are being denied access.
In my forbidden view I simply flash them a message saying they do not have the permissions to view that resource. Keep it simple. Particularly because you should design your application so that resources that are off limits to the user aren't obvious. (in my applications, a user without permissions would have to actually start guessing urls, ids, etc...)

Roy Hyunjin Han <[email protected]> writes:

> On Feb 6, 5:53 pm, Timmy <[email protected]> wrote:
>> I add a view for the forbidden view:
>>
>> from pyramid.exceptions import Forbidden
>> config.add_view(forbidden_view, context=Forbidden)
>> which redirects to a log in screen.
>>
>> But now I added some admin things which needed 'admin' access, and I
>> want to just show a "you don't have the permission" screen, how do I
>> check for that in the forbidden view?
>
> Hi Timmy,
>
> I'm also trying to retrieve the permission of the original view after
> it is blocked by a forbidden exception so that I can tell the user why
> the user can't see the page.
>
> The closest code that I can find is in
> pyramid.security.view_execution_permitted(request.context, request,
> viewName) but it does not return the original view's permissions and
> route names don't seem to be compatible with view names.
>
> I think I'm near to finding a solution, though.
>
> RHH

--
Parnell "ixmatus" Springmeyer (http://ixmat.us)
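
One way to combine the two behaviours discussed in this thread (login redirect for anonymous users, a generic denial for logged-in users who lack the permission), as an added example that is not code from any of the posters or from the Pyramid project. It assumes Pyramid 1.5 or later for `request.authenticated_userid` and a route named `login`; the helper `decide_forbidden` and the `came_from` parameter are hypothetical names.

```python
import logging
from urllib.parse import urlencode

log = logging.getLogger(__name__)

GENERIC_DENIAL = "You do not have permission to view that resource."


def decide_forbidden(userid, path, login_url="/login"):
    """Return (status, headers, body) for a denied request.

    Anonymous users are sent to the login page; logged-in users get the
    same generic 403 whatever permission the view required.
    """
    if userid is None:
        # Carry only a local path back through login, never an absolute or
        # protocol-relative URL, so the parameter cannot point at another host.
        if not path.startswith("/") or path.startswith("//") or "\\" in path:
            path = "/"
        location = login_url + "?" + urlencode({"came_from": path})
        return 302, {"Location": location}, ""
    return 403, {}, GENERIC_DENIAL


def forbidden_view(request):
    """Pyramid forbidden view built on decide_forbidden()."""
    # Imported here so decide_forbidden() can be tested without Pyramid.
    from pyramid.response import Response

    userid = request.authenticated_userid  # assumption: Pyramid 1.5 or later
    # The reason for the denial goes to the server log, not to the browser.
    log.warning("denied %s for user %r: %s", request.path, userid,
                getattr(request.exception, "result", None))
    status, headers, body = decide_forbidden(
        userid, request.path, request.route_path("login"))  # assumed route name
    response = Response(body=body.encode("utf-8"), status=status)
    response.headers.update(headers)
    return response


def includeme(config):
    # Same registration as in the thread.
    from pyramid.exceptions import Forbidden
    config.add_view(forbidden_view, context=Forbidden)
```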
