Hello, Tim.

The groups/permissions functionality is just something basic and
optional, to help people get started, although for some smaller projects
it may be good enough. For finer-grained control, you may want to check

I've never really wanted to offer a similar functionality
out-of-the-box. I've given some thought to this, and never came up with
non-intrusive way of addressing this kind of situations. But I'm always
open to hear alternatives.

I hope this is what you were looking for.

 - Gustavo.

On 15/02/10 15:19, Tim Hoffman wrote:
> Hi
> I am trying to work out how I could protect a specific resource/entity
> using repoze.what.
> For instance I have a specific "Record", owned by a specific "User", and
> only a user with the "Owner" permission can "Edit" the record.
> I can't work out how you would assign "Owner" permission to the user only when
> accessing "Record".  i.e the user in question would not be owner of
> any other record.
> It seems the group source and permission source act on a global basis
> and aren't context aware.  And predicates check_authorization() calls
> only take a environ
> and therefore you can only protect things like URL's not entities.
> Am I trying to do something not possible/intended for repoze.what.
> I suppose I am looking for functionality similiar to zope2
> permissions/roles etc...
> T
> _______________________________________________
> Repoze-dev mailing list
> Repoze-dev@lists.repoze.org
> http://lists.repoze.org/listinfo/repoze-dev

Gustavo Narea <xri://=Gustavo>.

Repoze-dev mailing list

Reply via email to