> > What kind of authorization can we achieve with repoze.who aka > tg.authorization? > > Let me know if these are available? > > 1. widget authorization, per user validation aka(user cannot select > this box unless he has these permissions) > 2. ajax widgets per user rights, meaning if permission x display > widget y that shows xyz.
These two have nothing to do with the authorization layer - they depend on the widget code (ajax or not). There are a number of predicates available (not_anonymous and the like) that you can use to achieve your goal. > 3. sqlalchemy save certain tables if you have x permissions SA knows nothing about authorization. Unles you use per-user-connections & fine-grained DB access control, all you can do is protect controller-methods that manipulate the tables in question from being called. Which works. Diez --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
