Extending and hoping to clarify Steve's example above, Pyramid users typically leverage the "predicates" to handle this mapping. by using the `request_method` predicate to map "GET" to "view", "POST" to "create", etc. On Monday, May 10, 2021 at 4:27:09 PM UTC-4 [email protected] wrote:
> > excellent !! > > I am very happy with pyramid and some things don't make sense *at the > beginning* but the end result is a much cleaner / simpler / modular code. > > thank you so much everyone !! > On Monday, May 10, 2021 at 11:03:50 PM UTC+3 [email protected] wrote: > >> The permission strings are arbitrary. For examples that are using ACLs >> (like the wiki tutorials) the only requirement is that the strings should >> match up to ACL entries that you are generating on your context objects. >> Pyramid does not care about the values of the strings and you could use >> "update" or "edit" or "foo". If a principal in the request and the >> permission on the view do not match an ACL entry then an HTTPForbidden >> exception is raised. >> >> On May 10, 2021, at 14:32, pzzcc <[email protected]> wrote: >> >> thank you for the input everyone. >> >> please correct me if I am wrong , does pyramid know what a ( *view* ) >> action is ? >> >> does it know that an Edit action ( is a form that is being POSTed or >> Restful call to update ? >> >> same goes for create , does it have a way to figure out that create is ( >> PUT )? >> >> >> *in other words , if I go to a view and change the view config to have a >> permssion of ( update ) instead of ( edit ) ,* >> >> *and then go to principals and update them accordingly , Pyramid it self >> wont care, would it ? * >> >> *can a view have more than one permission like ( update , create , view ) >> ? * >> >> *I am trying to figure out how it works so I can write a better code >> because I have gone through the wiki tutorial , it is great but it leaves >> you with a lot of question to be able to understand how things are put >> together .* >> >> >> On Monday, May 10, 2021 at 12:30:03 PM UTC+3 Eldav wrote: >> >>> Hello, >>> >>> you could have a look at the "Authorization" page of the SQLAlchemy + >>> URL dispatch wiki tutorial: >>> >>> >>> https://pyramid.readthedocs.io/en/latest/tutorials/wiki2/authorization.html >>> >>> >>> Basically : you define your permission as string via an ACL mechanism. >>> Your permissions may be global (e.g. all members of the "managers" >>> group get the "manage" permission), or defined via a route factory. >>> Route factories allow for policies such as: every authenticated user >>> can "view" a page, its author can "edit" it. They also allow you to >>> simplify the code of your views. >>> >>> Hope this helps, >>> >>> Laurent. >>> >>> Le dim. 9 mai 2021 à 20:17, Thierry Florac <[email protected]> a écrit : >>> > >>> > Hi, >>> > Are you asking about the way to protect a view with a permission, or >>> about the way to grant this permission to a request? >>> > Best regards, >>> > Thierry >>> > -- >>> > https://www.ulthar.net -- http://pyams.readthedocs.io >>> > >>> > >>> > Le dim. 9 mai 2021 à 19:00, pzzcc <[email protected]> a écrit : >>> >> >>> >> Hi, >>> >> >>> >> I am trying to wrap my head around some pyramid concepts and I am >>> trying to figure out how does a view config know what a permission like ( >>> view , edit , create ) is ? >>> >> >>> >> does it rely on the pyramid_tm r or the routes or what ? >>> >> >>> >> I know how to use them but I need to wrap my head againts some >>> concepts. >>> >> >>> >> thanks. >>> >> >>> >> -- >>> >> You received this message because you are subscribed to the Google >>> Groups "pylons-discuss" group. >>> >> To unsubscribe from this group and stop receiving emails from it, >>> send an email to [email protected]. >>> >> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/pylons-discuss/2b676239-b805-40d6-9ae2-1e4c60a9a7dcn%40googlegroups.com >>> . >>> > >>> > -- >>> > You received this message because you are subscribed to the Google >>> Groups "pylons-discuss" group. >>> > To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> > To view this discussion on the web visit >>> https://groups.google.com/d/msgid/pylons-discuss/CAPX_VWCYnWP_Rrbgk1ZBP1JBUN8KNztgj5%3DJ_Q_8%2B_uvAXAv_A%40mail.gmail.com >>> . >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "pylons-discuss" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/pylons-discuss/97b621fe-4b8b-4a44-884a-079813495ff4n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/pylons-discuss/97b621fe-4b8b-4a44-884a-079813495ff4n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> >> -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/b4f74d4c-e53d-4a86-be3b-95ac17029557n%40googlegroups.com.
