On 27.05.2014 18:22, Tres Seaver wrote:
> On 05/27/2014 10:20 AM, Gerhard Schmidt wrote:
>
>> Maybe I'm doing the whole thing wrong and there is a better way to do
>> this.
>
> Use a 'request.has_permission' check to filter the subobjects, e.g.::
>
>     allowed = [x for x in context.getClubs()
>                if request.has_permission('view', x)]

That one has the same problem. The context loss here is at pyramid/security.py line 387, which says principals = authn_policy.effective_principals(self). So again only the principals of the root container are returned and passed in the next line to authz_policy.permits(context, principals, permission), which fails because the group defined in the context is not in principals.

The problem is that the authentication policy is not context aware.

Regards
   Estartu

-- 
----------------------------------------------------------------------------
Gerhard Schmidt       | http://www.augusta.de/~estartu/ |
Fischbachweg 3        |                                 | PGP Public Key
86856 Hiltenfingen    | JabberID: [email protected]      | auf Anfrage/
Tel: 08232 77 36 4    |                                 | on request
Fax: 08232 77 36 3    |                                 |
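The check order described in this message, as an added Python model that is not part of the original post and is not Pyramid's source. `Resource`, `local_groups`, `context_aware_permits` and the sample tree are hypothetical; the model assumes groups are stored per object and shows one possible way to resolve them inside the authorization step, where the checked object is known.

```python
# Added model of the check order described in the message; all names are
# hypothetical and this is not Pyramid's implementation.
ALLOW, EVERYONE = "Allow", "system.Everyone"

class Resource:
    def __init__(self, name, parent=None, acl=(), local_groups=None):
        self.name, self.parent = name, parent
        self.acl = list(acl)                    # (action, principal, permission)
        self.local_groups = local_groups or {}  # userid -> groups valid on this object

def lineage(resource):
    while resource is not None:
        yield resource
        resource = resource.parent

def effective_principals(userid, request_context):
    # Context-unaware step: only the request's own context (the root) is consulted.
    return [EVERYONE, userid] + request_context.local_groups.get(userid, [])

def acl_permits(context, principals, permission):
    # First matching ACE wins while walking from the object up to the root; default deny.
    for res in lineage(context):
        for action, principal, perm in res.acl:
            if principal in principals and perm == permission:
                return action == ALLOW
    return False

def context_aware_permits(context, principals, permission):
    # Add groups granted on the checked object or its ancestors, then run the same ACL walk.
    extended = list(principals)
    for res in lineage(context):
        for p in principals:
            extended += [g for g in res.local_groups.get(p, []) if g not in extended]
    return acl_permits(context, extended, permission)

def has_permission(permission, context, userid, request_context, permits=acl_permits):
    principals = effective_principals(userid, request_context)
    return permits(context, principals, permission)

# Constructed sample tree: alice is a member of the chess club only.
root = Resource("root", local_groups={"alice": ["group:users"]})
chess = Resource("chess", root, [(ALLOW, "group:chess-members", "view")],
                 {"alice": ["group:chess-members"]})
golf = Resource("golf", root, [(ALLOW, "group:golf-members", "view")])

def visible_clubs(userid, permits):
    return [c.name for c in (chess, golf)
            if has_permission("view", c, userid, root, permits)]
```

With `acl_permits` the filter returns nothing for alice even though the chess ACL names her group; with `context_aware_permits` only the chess club passes, and the default-deny behaviour for other users and objects is unchanged.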
