Pyramid is better at answering the question "what permission does the user
have?", which is likely what's controlling whether they can actually get to
the 'edit' page. Use pyramid.security.has_permission('edit',
edit_page_context, request) instead.
After evaluating the work effective_principals actually does per-call, if
you decide you must cache effective_principals, consider subclassing your
authentication policy. The new policy could stash them on the request but
the Pyramid APIs would all work in the same way.
If you have one, it can also be handy to just define a request.user
property with your application-level User() object.
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/pylons-discuss/-/3_i75WIj5gQJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
