pyramid.security.has_permission() takes three params, the 'context' of
which is redundant for URL dispatch apps with no non-default context
(isn't it?). In templates, we often display various UI parts depending
on the permissions the user has. For instance:
% if has_permission("admin", request.context, request):
...
% endif
The shortcut can be made a method of request, thusly:
% if request.has_permission("admin"):
...
% endif
Where the method would supply self as request and self.context as
context, unless overrides via context param which is None by default.
Alternatively, a get_permissions() method can be added (either to the
Request object or as pyramid.security method) which would return a list
of permissions for performance reasons (so we don't call a method every
time):
<%!
from pyramid.security import get_permissions()
%>
...
<%
perms = get_permissions(request)
%>
...
% if "foo" in perms:
<a href="/secure/foo">Foo Only</a>
% endif
% if "bar" in perms:
<a href="/secure/bar">Bar Only</a>
% endif
...
I know there has been talk about entire authz and authn subsystems
overhaul (via Identity IIRC?) for 2.0, but one of the strong points
either for the overhaul or not, would be an easy and fast way to get a
list of permissions for the current user (and context).
--
.oO V Oo.
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
