I don't know if things have changed, but the last time I talked to Gustavo,
this was an intrinsic limitation in repoze.what v1. It doesn't handle
On 2/15/10 10:19 AM, Tim Hoffman wrote:
> I am trying to work out how I could protect a specific resource/entity
> using repoze.what.
> For instance I have a specific "Record", owned by a specific "User", and
> only a user with the "Owner" permission can "Edit" the record.
> I can't work out how you would assign "Owner" permission to the user only when
> accessing "Record". i.e the user in question would not be owner of
> any other record.
> It seems the group source and permission source act on a global basis
> and aren't context aware. And predicates check_authorization() calls
> only take a environ
> and therefore you can only protect things like URL's not entities.
> Am I trying to do something not possible/intended for repoze.what.
> I suppose I am looking for functionality similiar to zope2
> permissions/roles etc...
> Repoze-dev mailing list
Agendaless Consulting, Fredericksburg VA
The repoze.bfg Web Application Framework Book: http://bfg.repoze.org/book
Repoze-dev mailing list