I am using object level security to enforce authz policies. So for example:
for route /u/{uid} I have a UserFactory, which loads the user data from the
database and returns that in __getitem__ which is the request.content in
the view. What I would like to do is to be able to use a container object
which has the user and additional metadata in it.
So in UserFactory I tried the following:
    def __getitem__(self, id):
        user = self.__class__.get(id)  # sqlalchemy object
        if not user:
            raise KeyError
        ctx = Container()
        ctx.user = user
        ctx.__parent__ = self
        ctx.__name__ = id
        return ctx
And promptly got a 403. I am not quite sure what went wrong here? It does
work if I return the user directly. Container is an empty class.
The reason I would like to do this is because I want to generate different
views for authenticated vs unauthenticated users (there are other cases
too). I could do all of that in the view itself, however in that case
(I think) I would have to have two different views for authenticated and
unauthenticated users as the permission would kick in.
Per the docs the context object needs a specific interface, but I am not
sure what that is. Also if that is the case, how does the model object get
converted to a context?
Thanks.
AM
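An added example, not part of the original post and not Pyramid's own code: a simplified model of the ACL lookup that Pyramid's ACL authorization policy performs, walking from the context up through `__parent__` and reading `__acl__` at each level. It assumes the `User` model carries an `__acl__` and the factory has none; `permits`, `lineage`, `AclContainer` and the principal names are constructed for illustration.

```python
ALLOW = "Allow"

def lineage(resource):
    # Yield the resource, then each ancestor reached through __parent__.
    while resource is not None:
        yield resource
        resource = getattr(resource, "__parent__", None)

def permits(context, principals, permission):
    # First matching ACE wins; a level without __acl__ is skipped.
    for location in lineage(context):
        acl = getattr(location, "__acl__", None)
        if acl is None:
            continue
        for action, principal, permissions in acl:
            if principal in principals and permission in permissions:
                return action == ALLOW
    return False  # nothing matched anywhere: default deny, i.e. the 403

class User:  # constructed stand-in for the SQLAlchemy object
    def __init__(self, uid, parent):
        self.uid, self.__parent__ = uid, parent
    @property
    def __acl__(self):
        return [(ALLOW, "user:%s" % self.uid, ("view", "edit"))]

class UserFactory:  # assumption: the factory itself defines no __acl__
    __parent__ = None

class EmptyContainer:  # the empty wrapper from the post: no __acl__
    pass

class AclContainer:  # wrapper that exposes the wrapped user's ACL
    def __init__(self, user, parent, name):
        self.user, self.__parent__, self.__name__ = user, parent, name
    @property
    def __acl__(self):
        return self.user.__acl__

def demo():
    root = UserFactory()
    user = User(7, root)
    empty = EmptyContainer()
    empty.user, empty.__parent__, empty.__name__ = user, root, "7"
    wrapped = AclContainer(user, root, "7")
    me, other = ["system.Everyone", "user:7"], ["system.Everyone", "user:8"]
    return (permits(user, me, "view"), permits(empty, me, "view"),
            permits(wrapped, me, "view"), permits(wrapped, other, "view"))
```

In this model the bare user and the ACL-delegating wrapper are allowed, while the empty wrapper is denied because neither it nor the factory above it supplies an ACL.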