It seems you're asking about how to affect the "view lookup" [1] phase of the request.
[1] https://docs.pylonsproject.org/projects/pyramid/en/1.9-branch/narr/router.html

The "permission=" is not a predicate and thus cannot be used as part of view lookup to select between various views. The way to do what you're asking (assuming that your role-based principals are mutually exclusive) is to use the "effective_principals=[some_role]" predicate which *will* allow view lookup to continue until a view that matches is found. The reason I say they must be mutually exclusive is that view lookup is effectively unordered and thus values for a predicate are expected to be tested without respect to other registered views with similar predicates.

- Michael

On Sun, Oct 15, 2017 at 6:51 PM, <[email protected]> wrote:

> Hi,
>
> I'm using Cornice <https://github.com/Cornices/cornice> and Pyramid
> <https://github.com/Pylons/pyramid> for my REST API server, and followed
> the standard authorization examples using ACLs
> <https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#assigning-acls-to-your-resource-objects>.
> For example:
>
>     # The Cornice service.
>     bills_service = Service("bills", "/api/bills", factory=BillsListContext)
>
>     # The Context factory:
>     class BillsListContext(object):
>         def __init__(self, request):
>             pass
>
>         @property
>         def __acl__(self):
>             return [
>                 (Allow, "role:buyer", "get_bills"),
>                 (Allow, "role:seller", "get_bills"),
>             ]
>
>     # And the view function is then:
>     @bills_service.get(
>         content_type="application/json",
>         accept="application/json",
>         permission="get_bills",
>     )
>     def get_bills(request):
>         # …
>
> The view implementation now contains role checks (if request.user.role...)
> and services requests depending on the requesting user's role.
>
> My question is: is there a better way to implement views for different
> roles? How would I decorate view functions, each for a specified role? What
> is the recommended way here?
>
> Thanks!
