Hi Pyramid experts,

I am developing an ERP solution on Pyramid using CouchDB (no RDBMS at
all !).  All of the pages/resources in the system will have row-level
authorization setup.  I will have a page that contains a matrix of all
the resources on the page as well as the Create, Read, Update and
delete checkboxes for each resource.  The admin will be allowed to
check/uncheck the checkboxes to decide what kind of permissions the
person will have.

Scenario:

Supposing I give USER Timothy the EDITOR role which allows him to
UPDATE and READ all Brands in the system.  However, because he is an
agent (like a salesperson) of France, He should be able to DELETE
Brands that originate from France (meaning that Brands have an
attribute that references a country).  So if there were 4 Brands, B1
to B4, only B3 should be DELETABLE by Timothy because B3 originates
from France.  Get the picture?

1.  Does the above scenario mean that EVERY time a brand is created in
the system, I would have to generate for instance, "b1_create",
"b1_read" .... "b1_delete", "b2_create", "b2_read", "b2_update" ...
"b4_delete" permissions?

2.  If the above is true, how would I dynamically assign the various
permissions to a view callable in Pyramid as part of the @view_config
OR  does this mean I just have to handle that special case in the
application logic in my view?

Another example would be something like:

An agent of a company can make orders.  However, he should only be
able to select the products (this means read permission right?) from
his country.  If he is an agent of France, he can only make orders of
products that are only for France, not those in Germany or Holland.
How would the ACL for this work....?

Please let me know if this question needs improvement and I'll make
the necessary changes.

Thanks in advance!

Regards,
Mark Huang

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/pylons-discuss?hl=en.

Reply via email to