Hi,

I'm using Cornice <https://github.com/Cornices/cornice> and Pyramid 
<https://github.com/Pylons/pyramid> for my REST API server, and followed 
the standard authorization examples using ACLs 
<https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#assigning-acls-to-your-resource-objects>.
 
For example:

from cornice import Service
from pyramid.security import Allow

# The Context factory:
class BillsListContext(object):
    def __init__(self, request):
        pass

    @property
    def __acl__(self):
        return [
            (Allow, "role:buyer", "get_bills"),
            (Allow, "role:seller", "get_bills"),
        ]

# The Cornice service (declared after the factory it references).
bills_service = Service("bills", "/api/bills", factory=BillsListContext)

# And the view function is then:
@bills_service.get(
    content_type="application/json",
    accept="application/json",
    permission="get_bills",
    )
def get_bills(request):
    # …

The view implementation now contains role checks (if request.user.role...) 
and services requests depending on the requesting user's role. 

My question is: is there a better way to implement views for different 
roles? How would I decorate view functions, each for a specified role? What 
is the recommended way here?

Thanks!
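
One way to keep the role branching out of the view body, shown as an added example that is not part of the original post and is not Pyramid or Cornice code: a standard-library model of first-match, default-deny ACL evaluation in which each role has its own permission and handler. The permission names `get_bills_as_buyer` and `get_bills_as_seller`, the handlers, `permits` and `dispatch` are hypothetical, and the principals in the test are constructed.

```python
# Stdlib-only model; Allow/Deny stand in for the constants used in Pyramid ACLs.
Allow, Deny = "Allow", "Deny"


class BillsListContext:
    # Hypothetical split: one permission per role-specific view
    # instead of a single shared "get_bills" permission.
    __acl__ = [
        (Allow, "role:buyer", "get_bills_as_buyer"),
        (Allow, "role:seller", "get_bills_as_seller"),
    ]


def permits(context, principals, permission):
    """First ACE matching both principal and permission decides.

    No matching ACE means deny. This model only handles string permissions.
    """
    for action, principal, perm in context.__acl__:
        if principal in principals and perm == permission:
            return action == Allow
    return False


def buyer_bills(user):
    return {"view": "buyer", "bills_for": user}


def seller_bills(user):
    return {"view": "seller", "bills_for": user}


# (permission, handler) pairs, tried in order; a user holding both roles
# gets the first handler listed here.
ROLE_VIEWS = [
    ("get_bills_as_buyer", buyer_bills),
    ("get_bills_as_seller", seller_bills),
]


def dispatch(context, user, principals):
    """Return (status, body); unknown roles get 403 instead of falling through."""
    for permission, handler in ROLE_VIEWS:
        if permits(context, principals, permission):
            return 200, handler(user)
    return 403, None
```

Because the decision comes from the ACL, a role that is not listed is denied by default rather than reaching an `else` branch inside the view.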
