-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gustavo Narea wrote:
> Hello,
> 
> I'm sorry about the big delay, I had little time to work on this lately.
> 
> On Monday January 26, 2009 20:03:20 Tres Seaver wrote:
>> I would make 'check_authorization' call a new method
>> 'evaluate_with_variables', which just passes through to 'evaluate' in
>> the base class (Predicate):  people could override it to do the extra
>> checking.  The cost is one extra function call for those not using the
>> indirection, but preserves backward compatibility.
> 
> Thanks for that, Tres! I solved this inspired by your suggestion: I added a 
> method which returns the POST and GET variables, so that you can use it as in:
> 
>     from repoze.what.predicates import Predicate
>     # Say you use SQLAlchemy:
>     from yourcoolapplication.model import BlogPost, DBSession
>     
>     class post_is_managed_by_author(Predicate):
>         message = 'Only %(author)s can manage post %(post_id)s'
>         
>         def evaluate(self, environ, credentials):
>             # Extracting the post Id from the GET variables
>             vars = self.get_variables(environ)
>             post_id = vars.get.get('post_id')
>             # Loading the post object
>             post = DBSession.query(BlogPost).get(post_id)
>             # Checking if it's the author
>             if post.author_userid != credentials.get('repoze.what.userid'):
>                 self.unmet(post_id=post_id, author=post.author_userid)
> 
> Then you can build the following compound predicates:
> 
>     from repoze.what.predicates import All, has_permission
>     # Can the user edit the post?
>     p1 = All(has_permission('edit-posts'), post_is_managed_by_author())
>     # Can the user delete the post?
>     p2 = All(has_permission('delete-posts'), post_is_managed_by_author())
> 
> This way backwards compatibility is not broken.
> 
> It will be available in repoze.what 1.0.4, which I hope to release tomorrow.
> 
> What do you people think about it?

That looks fine to me.

- --
===================================================================
Tres Seaver          +1 540-429-0999          tsea...@palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJjGXb+gerLs4ltQ4RAtFkAKCTXqG9eojiCqid12v0vlNUgrFcXgCgyNGB
oNQs9s9HCpe5emTFfcMr95o=
=u1P9
-----END PGP SIGNATURE-----
_______________________________________________
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev

Reply via email to