i went with a custom context factory [1] per route; i.e. i have routes
for patterns like "/task/{id}/edit" or "/task/{id}/view" and register
context factories for these which retrieve the task object from the db
and compute the permissions, i.e. attach an appropriate __acl__ object
to the task object.
regards
robert[1] http://docs.pylonsproject.org/projects/pyramid/en/1.2-branch/narr/urldispatch.html#route-factories On Thu, Feb 16, 2012 at 4:12 PM, Antonio Beamud Montero <[email protected]> wrote: > Hi, what's the best way to implement a permission per object in pyramid > using SQLAlchemy to store users info, and using url distpatch. > For example, If a user has three tasks assigned, he can edit two of them, > but only view the 3rd, or view tasks of other users (if they want), but not > edit them. > > Greetings. > > -- > You received this message because you are subscribed to the Google Groups > "pylons-discuss" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/pylons-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
