> Pyramid does supply an interface for this called > principals_allowed_by_permission(context, permission) but it is often > hard to implement. It was removed from the new security policy as a > feature but there’s nothing stopping you from doing something similar > in your own code.
Oh, interesting. Yes I suppose we could implement a function that accepts one of our context objects and one of our "moderate" permissions and returns a list of all a group's moderators (or their IDs). That function could be called both when checking whether an individual user is a moderator in a group, and when needing to get a list of all a group's moderators. > Your goal should be to write an efficient database query to load the > list of users with permission instead of iterating the users and > testing them in memory to keep your logic scalable. This is great advice, and actually in the example I gave we did end up implementing it with just a DB query to find all the group's moderators and not going through Pyramid permissions at all. It results in some duplicate logic between this DB query and our security policy, but it's scalable. But I was just left wondering what Pyramid's solution was to the general problem of needing to query about a permission but not just for the current request's authenticated identity. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/pylons-discuss/226581f7-7bf4-4f12-8796-736f3d5ba460%40app.fastmail.com.
