Hello,
My project has included some simple authentication with route factory:
# security.py
def effective_principals(self, request):
principals = [Everyone]
user = request.user
if user is not None:
principals.append(Authenticated)
principals.append(str(user.user_id))
return principals
# routes.py
config.add_handler('calendar', 'calendar/{action}', factory=calendar_factory
,
handler=CalendarView)
def calendar_factory(request):
if 'calendar_id' not in request.params:
return CalendarResource(Calendar())
calendar_id = request.params.get('calendar_id')
calendar = request.dbsession.query(Calendar)\
.filter_by(calendar_id=calendar_id).first()
if calendar is None:
raise HTTPNotFound
return CalendarResource(calendar)
class CalendarResource():
def __init__(self, calendar):
self.calendar = calendar
def __acl__(self):
return [
(Allow, Authenticated, 'view_calendar'),
(Allow, Everyone, 'add_calendar'),
(Allow, str(self.calendar.user_id), 'edit_calendar')
]
which works nice if user requests own calendar, but not if he tries to get
shared one. I tried to append request.effective_principals like this:
calendar_permissions = request.dbsession.query(CalendarPermission.cp_id,
CalendarPermission.perm_type)\
.filter_by(calendar_id=calendar_id)\
.all()
request.effective_principals.append(calendar_permissions)
but it doesn't appends effective_principals list. I got stuck hardly there
and I really can't find a way to update dynamically principals. I would be
grateful guys if you can help me resolve this problem.
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/pylons-discuss/1c20670e-6a5e-41b4-91c7-f0bc0d7f9071%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
