The groups/permissions functionality is just something basic and
optional, to help people get started, although for some smaller projects
it may be good enough. For finer-grained control, you may want to check
I've never really wanted to offer a similar functionality
out-of-the-box. I've given some thought to this, and never came up with
non-intrusive way of addressing this kind of situations. But I'm always
open to hear alternatives.
I hope this is what you were looking for.
On 15/02/10 15:19, Tim Hoffman wrote:
> I am trying to work out how I could protect a specific resource/entity
> using repoze.what.
> For instance I have a specific "Record", owned by a specific "User", and
> only a user with the "Owner" permission can "Edit" the record.
> I can't work out how you would assign "Owner" permission to the user only when
> accessing "Record". i.e the user in question would not be owner of
> any other record.
> It seems the group source and permission source act on a global basis
> and aren't context aware. And predicates check_authorization() calls
> only take a environ
> and therefore you can only protect things like URL's not entities.
> Am I trying to do something not possible/intended for repoze.what.
> I suppose I am looking for functionality similiar to zope2
> permissions/roles etc...
> Repoze-dev mailing list
Gustavo Narea <xri://=Gustavo>.
Repoze-dev mailing list