Sorry if this seems like such a naive question but I can't figure out how a
user should be authenticated after reading the documentation and digging
through examples.
What do I need from Pyramid to achieve this login process for a user?
1. User submits a form
2. The user is matched to a record in the database
3. *Beaker* *session *has the user id added
>From here I'm not so sure
4. User attempts an action via a view
5. Logic is in place to check if user has permission
def edit_post(request):
...
if request.session['userId'] != authorUserId:
raise pyramid.httpexceptions.HTTPForbidden("You are not this post's
author.")
(from SO:
http://stackoverflow.com/questions/6585370/dynamic-user-based-authorization-in-pyramid
)
Note: the example from SO may not be using *Beaker*. Are these steps
correct? Is there any need to use *remember()* and *authenticated_userid() *
?
How does the server determine who *request.session *is assigned to?
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.
