I am trying to work out how I could protect a specific resource/entity
For instance I have a specific "Record", owned by a specific "User", and
only a user with the "Owner" permission can "Edit" the record.
I can't work out how you would assign "Owner" permission to the user only when
accessing "Record". i.e the user in question would not be owner of
any other record.
It seems the group source and permission source act on a global basis
and aren't context aware. And predicates check_authorization() calls
only take a environ
and therefore you can only protect things like URL's not entities.
Am I trying to do something not possible/intended for repoze.what.
I suppose I am looking for functionality similiar to zope2
Repoze-dev mailing list