Hi Pyramid experts, I am developing an ERP solution on Pyramid using CouchDB (no RDBMS at all !). All of the pages/resources in the system will have row-level authorization setup. I will have a page that contains a matrix of all the resources on the page as well as the Create, Read, Update and delete checkboxes for each resource. The admin will be allowed to check/uncheck the checkboxes to decide what kind of permissions the person will have.
Scenario: Supposing I give USER Timothy the EDITOR role which allows him to UPDATE and READ all Brands in the system. However, because he is an agent (like a salesperson) of France, He should be able to DELETE Brands that originate from France (meaning that Brands have an attribute that references a country). So if there were 4 Brands, B1 to B4, only B3 should be DELETABLE by Timothy because B3 originates from France. Get the picture? 1. Does the above scenario mean that EVERY time a brand is created in the system, I would have to generate for instance, "b1_create", "b1_read" .... "b1_delete", "b2_create", "b2_read", "b2_update" ... "b4_delete" permissions? 2. If the above is true, how would I dynamically assign the various permissions to a view callable in Pyramid as part of the @view_config OR does this mean I just have to handle that special case in the application logic in my view? Another example would be something like: An agent of a company can make orders. However, he should only be able to select the products (this means read permission right?) from his country. If he is an agent of France, he can only make orders of products that are only for France, not those in Germany or Holland. How would the ACL for this work....? Please let me know if this question needs improvement and I'll make the necessary changes. Thanks in advance! Regards, Mark Huang -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
