On 17/02/12 10:33, Robert Forkel wrote:
> It works as follows: I register context factories per route (as named
> utility in the registry) and also use the route names as permission
> names. The only thing the context factories need to compute
> permissions is the logged-in user which is attached to the request and
> the context object which they will either retrieve from the db
> according to the request's matchdict or lookup as attribute on the
> request. So to compute whether a user has permission to edit task 1,
> I'd retrieve task 1 from the db, lookup the context factory for
> 'task.edit', attach the task object to the current request (possibly
> to route task.index) and check the permission for this artificial
> request.
I haven't tested it, but isn't something like this simpler?
User and Task, and a relation between them with the permission available
for this user.
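
    from pyramid.security import Allow
    from sqlalchemy import Column, ForeignKey, Integer, Unicode, orm

    class Task(Base):
        ...
        # Association rows linking this task to users and their permission;
        # the target is given by name because UserTask is defined below.
        users = orm.relationship("UserTask", backref='tasks')

        def __acl__(self):
            # One ACE per associated user: (Allow, username, permission)
            acl = []
            for o in self.users:
                acl.append((Allow, o.user.username, o.permission))
            return acl

    class UserTask(Base):
        __tablename__ = 'user_task'
        task_id = Column(Integer, ForeignKey(Task.id), primary_key=True)
        user_id = Column(Integer, ForeignKey(User.id), primary_key=True)
        user = orm.relationship("User", backref="tasks")
        permission = Column(Unicode(80))
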
And to show all my tasks on my index page, with an edit link (if it
applies), we can check the permission with:
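
    from pyramid.security import has_permission

    def index(request):  # wrapper added so the fragment runs; name is illustrative
        d = {}
        # Task -> UserTask -> User, restricted to the logged-in user
        q = DBSession.query(Task).join(Task.users).join(UserTask.user)
        res = q.filter(User.username == request.user.username)
        for t in res:
            d[t.id] = None
            if has_permission('edit', t, request):
                d[t.id] = 'edit'
        return d
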
I'll test this weekend... any drawbacks?
To manage URLs like /tasks/1/edit I need a Factory, of course.

Greetings.
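
Added example, not part of the original message: a stdlib-only model of the per-task ACL idea above, with a simplified first-match, default-deny check standing in for Pyramid's ACL policy and a dict standing in for the database. It puts the index map next to the check the /tasks/1/edit factory has to enforce, since leaving out a link does not protect the URL; `permits`, `index_links`, `edit_task_factory`, `can_edit` and the sample rows are constructed names and data.

```python
from collections import namedtuple

Allow, Deny = "Allow", "Deny"  # stand-ins for pyramid.security.Allow / Deny
UserTask = namedtuple("UserTask", "username permission")  # one user_task row


class Task:
    def __init__(self, id, grants):
        self.id = id
        self.users = grants  # constructed rows, as Task.users would return

    def __acl__(self):
        # Same shape as in the message: one (Allow, username, permission) per row.
        return [(Allow, g.username, g.permission) for g in self.users]


def permits(context, principals, permission):
    """Simplified ACL check: first matching ACE wins, no match means deny."""
    for action, principal, perm in context.__acl__():
        if principal in principals and perm == permission:
            return action == Allow
    return False


# Constructed sample data standing in for the database.
TASKS = {
    1: Task(1, [UserTask("alice", "edit"), UserTask("bob", "view")]),
    2: Task(2, [UserTask("alice", "view")]),
}


def index_links(username):
    """Index map from the message: task id -> 'edit' or None for the user's tasks."""
    mine = [t for t in TASKS.values() if any(g.username == username for g in t.users)]
    return {t.id: ("edit" if permits(t, [username], "edit") else None) for t in mine}


def edit_task_factory(matchdict):
    """Hypothetical factory for /tasks/{id}/edit: the loaded task is the context."""
    return TASKS.get(int(matchdict["id"]))


def can_edit(username, matchdict):
    """Check made when the edit URL is requested; an unknown task is denied."""
    task = edit_task_factory(matchdict)
    return task is not None and permits(task, [username], "edit")
```
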