One way to do this might be to give the agent a principal like Country:US (the two letter country code of the agent's address). The customer object would have a matching ACL with their country code:
[ (Allow, 'Country:US', 'agent permissions') ] If you are using traversal and it suits your application without making your head explode, you could also expose the customers under a tree that looks like /customers/US/... /customers/UK/... /customers/CN/... /customers/all/ The US/UK/CN object would have the (Allow, 'Country:US', ...) ACL. The object /customers/US builds the partial SQLAlchemy query Session.query(Customer).filter_by(country_code='US'), passing it on to its __getitem__. Objects under /US/ only build on the filtered query and so are prevented from seeing the wrong customers. /customers/all/ is a similar object but it requires Backoffice permissions and does not filter the customers query. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To view this discussion on the web visit https://groups.google.com/d/msg/pylons-discuss/-/KjlhB_dVmIUJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
