Wanted to chime in and say this, in case it isn't obvious. You need ALL the permissions to be country-specific, not just the view; otherwise you leave a security hole open where one can view only those in his country but can update anything.
As Daniel pointed out you could use the format like [(Allow, 'Agent:US', 'read'), (Allow, 'Agent:US', 'modify')] so that you can limit the Agent users to a given country. As a point of preference I don't usually use permissions like 'ALL_PERMISSIONS', instead give the 'Backoffice' user each discrete permission they'll need, however many that might be. In your case maybe it's read and modify. That way you don't have to configure the resource being secured for multiple permissions. If it's read configure it for read, modify then modify, write then write, etc.
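The gap described in the message above, as an added example that is not part of the original post and is not Pyramid's own code: a small first-match ACL check modelled on Pyramid-style ACEs, comparing an ACL that scopes only 'read' by country with one that scopes every agent permission. The Customer class, the ACL factories, principals_for and audit are hypothetical names, and the records are constructed.

```python
# Added illustration; standalone model of first-match ACL evaluation (assumption:
# ACEs are (action, principal, permission) tuples, no match means deny).
Allow, Deny = "Allow", "Deny"

def leaky_acl(country):
    # Only 'read' is country-scoped; 'modify' is granted to any agent.
    return [(Allow, f"Agent:{country}", "read"),
            (Allow, "Agent", "modify"),
            (Allow, "Backoffice", "read"),
            (Allow, "Backoffice", "modify")]

def scoped_acl(country):
    # Every agent permission is country-scoped; Backoffice gets each
    # discrete permission rather than a catch-all.
    return [(Allow, f"Agent:{country}", "read"),
            (Allow, f"Agent:{country}", "modify"),
            (Allow, "Backoffice", "read"),
            (Allow, "Backoffice", "modify")]

class Customer:
    """Constructed resource whose ACL is derived from its country."""
    def __init__(self, name, country, acl_factory):
        self.name = name
        self.__acl__ = acl_factory(country)

def principals_for(role, country=None):
    # Hypothetical group finder: the role plus a role:country principal.
    return {role, f"{role}:{country}"} if country else {role}

def permits(resource, principals, permission):
    # The first ACE matching both principal and permission decides.
    for action, principal, perm in resource.__acl__:
        if principal in principals and perm == permission:
            return action == Allow
    return False

def audit(acl_factory, principals):
    """List every (record, permission) pair the principals are granted."""
    records = [Customer("alice", "US", acl_factory),
               Customer("bruno", "DE", acl_factory)]
    return [(r.name, p) for r in records for p in ("read", "modify")
            if permits(r, principals, p)]

if __name__ == "__main__":
    us_agent = principals_for("Agent", "US")
    print("leaky :", audit(leaky_acl, us_agent))
    print("scoped:", audit(scoped_acl, us_agent))
```

Running the same audit for each role against both factories is a quick regression check that no permission is granted outside the agent's country.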
