On Wednesday, 28 May 2014 00:17:11 UTC-7, Gerhard Schmidt wrote: > > The whole problem is the authentication policy isn't context aware. you > can't pass a different context from the one in request.context to > effective_principals and further down to the callback. > > I circumvented this problem by copying the request an changing the > context before calling any authorization methods. But that's not a clean > solution. There should be a way to pass the actual context to at least > effective_principals because which principals are effective might depend > on a different context than the one in the request. > > Adding a keyword argument context to effective_principals and pass it to > the callback if the callback accepts one, would fix this problem without > loosing backward compatibility. >
It sounds like you are trying to replicate role based access control through context sensitive groups. Rather than implement this in the context insensitive groupfinder callback, you should implement it on the authorization policy level. For my project I replicated something very similar to the Zope2/CMF/Plone based local roles. I'll pull it out into a separate package if it's useful to others. https://github.com/ENCODE-DCC/encoded/blob/v11.0rc1/src/encoded/local_roles.py Laurence -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/pylons-discuss. For more options, visit https://groups.google.com/d/optout.
