-----BEGIN PGP SIGNED MESSAGE-----
Gustavo Narea wrote:
> I'm sorry about the big delay, I had little time to work on this lately.
> On Monday January 26, 2009 20:03:20 Tres Seaver wrote:
>> I would make 'check_authorization' call a new method
>> 'evaluate_with_variables', which just passes through to 'evaluate' in
>> the base class (Predicate): people could override it to do the extra
>> checking. The cost is one extra function call for those not using the
>> indirection, but preserves backward compatibility.
> Thanks for that, Tres! I solved this inspired by your suggestion: I added a
> method which returns the POST and GET variables, so that you can use it as in:
> from repoze.what.predicates import Predicate
> # Say you use SQLAlchemy:
> from yourcoolapplication.model import BlogPost, DBSession
> class post_is_managed_by_author(Predicate):
> message = 'Only %(author)s can manage post %(post_id)s'
> def evaluate(self, environ, credentials):
> # Extracting the post Id from the GET variables
> vars = self.get_variables(environ)
> post_id = vars.get.get('post_id')
> # Loading the post object
> post = DBSession.query(BlogPost).get(post_id)
> # Checking if it's the author
> if post.author_userid != credentials.get('repoze.what.userid'):
> self.unmet(post_id=post_id, author=post.author_userid)
> Then you can build the following compound predicates:
> from repoze.what.predicates import All, has_permission
> # Can the user edit the post?
> p1 = All(has_permission('edit-posts'), post_is_managed_by_author())
> # Can the user delete the post?
> p2 = All(has_permission('delete-posts'), post_is_managed_by_author())
> This way backwards compatibility is not broken.
> It will be available in repoze.what 1.0.4, which I hope to release tomorrow.
> What do you people think about it?
That looks fine to me.
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Repoze-dev mailing list