I'm in the early stages of designing a my first Pyramid app and I was
hoping for some verification on my approach to instance level
authorization. Most of the stock documentation discusses global ACLs
which apply to an entire class, not individual instances of that
class. Consider a simple CMS
On Thu, 2011-09-01 at 06:30 -0700, Brian wrote:
I'm in the early stages of designing a my first Pyramid app and I was
hoping for some verification on my approach to instance level
authorization. Most of the stock documentation discusses global ACLs
which apply to an entire class, not
Chris,
Thanks for the reply. One more question...
Is it acceptable for __acl__ to be a callable associated with an
instance?
def __acl__(self):
return [
(Allow, 'user:%s' % self.owner, 'edit'),
]
Thanks,
Brian
--
You received this message because you are subscribed to the Google
On Mon, 2011-09-05 at 12:44 -0700, Brian wrote:
Chris,
Thanks for the reply. One more question...
Is it acceptable for __acl__ to be a callable associated with an
instance?
def __acl__(self):
return [
(Allow, 'user:%s' % self.owner, 'edit'),
]
No, it must be an attribute,
Brian, I just want to clarify some points from your original email.
Specifying the ``factory`` on the route is telling the traversal system how
to get the root of your resource tree for that specific route. Thus in your
example you might do:
def PageFactory(request):
pagename =
It's not incorrect, I just merged two thoughts which probably made it
unclear. If he doesn't specify a ``traverse`` parameter then traversal will
not happen, which will use a similar RootFactory to what I showed except
that he might want to raise a HTTPNotFound if the ``page`` is None. The rest
of