Re: [pylons-discuss] Checking if a route is allowed

Thu, 10 Nov 2016 14:23:09 -0800 

Thanks. So this is how my site is setup:

I have a RootFactory:
class RootFactory(object):
    __acl__ = [
        (Allow, Authenticated, 'user'),
        (Allow, 'g:admin', 'admin'),
        (Allow, 'g:superadmin', 'ALL_PERMISSIONS'),
    ]


    def __init__(self, request):
        pass


used in config:


    config = Configurator(
        settings=settings,
        root_factory=RootFactory,
        authentication_policy=authn_policy,
        authorization_policy=authz_policy,
        session_factory=session_factory)

And my views are defined like this:
@view_config(route_name='admin_db_list', renderer='admin/db_list.jinja2', 
permission='superadmin')
def db_list(request): ...


So in this situation, my context is request.root (or request.context), is 
this right?

If I try view_execution_permitted(request.root, request, name='admin_db_list'), 
I get an "TypeError: No registered view satisfies the constraints."

Do I understand correctly that the name should be a @view_config name _and_ 
this means using traversal, so I should just forget about using it?

=> So in conclusion, I can only use request.has_permission and duplicate 
the permission values in template as well?













On Thursday, 10 November 2016 22:50:37 UTC+1, Mikko Ohtamaa wrote:
>
> And to elaborate the following:
>
> I simply check for the permission I know the target has using 
> request.has_permission():
>
>
> https://websauna.org/docs/narrative/user/permissions.html?highlight=permissions#checking-permissions-in-templates
>
> - Define a Root object
>
> - In this root you have a dynamic __acl__() property that gives logged in 
> users permissions based on their user id or group id
>
> - In your view you have @view_config(permission="my_permission")
>
> Example of setting a custom root:
>
>
> https://websauna.org/docs/_modules/websauna/system.html#Initializer.configure_root
>
> Some examples of dynamic __acl__
>
>
> https://github.com/websauna/websauna.blog/blob/master/websauna/blog/views.py#L45
>
>
> https://websauna.org/docs/narrative/crud/standalone.html?highlight=contract#creating-crud-resources
>
> -M
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/pylons-discuss/b5dd965d-4d4b-48a1-b6c5-fe60eae13c57%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to