Hi All.
I wanted to get some opinion on how to go about implementing a slightly
complex authorization model using pyramid's security modules.
What I have is users logging in using third-party providers (using velruse
as a plugin) and manipulating various resources.
What I need is:
- individual users (aka default)
- org unit
- admins
- org members
- team unit
- admins
- team members
There can be multiple of each kind of course.
Each user can manipulate anything they own. However to allow hierarchies to
manipulate resources I have to keep track of team and org ownership too (I
think).
So far the best I can come up with is to have groups for each one of the
things defined above and use groupfinder to do a bunch of database lookups
to figure out if a given resource can be manipulated by any given
authenticated user and return the group list.
However, on the surface at least that seems quite inefficient. I was
wondering if there is a better way to go about it?
Perhaps what I am looking for is the concept of roles within groups? Is
there such a thing in pyramid's security model?
Thanks.
AM
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.
