El 16/02/12 16:44, Robert Forkel escribió:
i went with a custom context factory [1] per route; i.e. i have routes
for patterns like "/task/{id}/edit" or "/task/{id}/view" and register
context factories for these which retrieve the task object from the db
and compute the permissions, i.e. attach an appropriate __acl__ object
to the task object.
regards
robert
[1]
http://docs.pylonsproject.org/projects/pyramid/en/1.2-branch/narr/urldispatch.html#route-factories
Ok, but if you want to show the list of tasks in the index user page,
how do you check the tasks permission, for example to show a icon near
the task description, in case you can edit that task?
A lot of thanks.
PD: My conclusion is I need to created a role or group attribute in the
user-task relation, to see if the user has the correct role/group
assigned to this object...
On Thu, Feb 16, 2012 at 4:12 PM, Antonio Beamud Montero
<[email protected]> wrote:
Hi, what's the best way to implement a permission per object in pyramid
using SQLAlchemy to store users info, and using url distpatch.
For example, If a user has three tasks assigned, he can edit two of them,
but only view the 3rd, or view tasks of other users (if they want), but not
edit them.
Greetings.
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
