Hello,

My project has included some simple authentication with route factory:
# security.py
def effective_principals(self, request):
        principals = [Everyone]
        user = request.user
        if user is not None:
            principals.append(Authenticated)
            principals.append(str(user.user_id))
        return principals



# routes.py
config.add_handler('calendar', 'calendar/{action}', factory=calendar_factory
,
                   handler=CalendarView)

def calendar_factory(request):
    if 'calendar_id' not in request.params:
        return CalendarResource(Calendar())
    calendar_id = request.params.get('calendar_id')
    calendar = request.dbsession.query(Calendar)\
        .filter_by(calendar_id=calendar_id).first()
    if calendar is None:
        raise HTTPNotFound

    return CalendarResource(calendar)


class CalendarResource():
    def __init__(self, calendar):
        self.calendar = calendar

    def __acl__(self):
        return [
            (Allow, Authenticated, 'view_calendar'),
            (Allow, Everyone, 'add_calendar'),
            (Allow, str(self.calendar.user_id), 'edit_calendar')
        ]

which works nice if user requests own calendar, but not if he tries to get 
shared one. I tried to append request.effective_principals like this:
    calendar_permissions = request.dbsession.query(CalendarPermission.cp_id, 
CalendarPermission.perm_type)\
        .filter_by(calendar_id=calendar_id)\
        .all()
    request.effective_principals.append(calendar_permissions)


but it doesn't appends effective_principals list. I got stuck hardly there 
and I really can't find a way to update dynamically principals. I would be 
grateful guys if you can help me resolve this problem.

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/1c20670e-6a5e-41b4-91c7-f0bc0d7f9071%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to