>> 3. sqlalchemy save certain tables if you have x permissions It is completely possible to rebind the SQLAlchemy metadata on each request so that you actually connect to the database as a specific user based on the REMOTE_USER that is set by repoze.who. This would allow you to protect data at the database level, or to redirect certian classes of users to different back-end databases for load management. We intentionally designed things to allow this, but we also intentionally left writing the explicit rules for doing this to users, as it's not something that 90% of applications ever need.
But perhaps you're wondering if we tap into SQLAlchemy somewhere between the controller level and the database level, and if that's the question no we don't. I don't exactly think we will do that in quite that way, but I do think it would be interesting and useful to be able to provide some helpers that make it very easy to write authorization rules that do "row-level" (really SA object level) authorization checks in the controller. If you have a specific use case in mind, please feel free to raise it and we'll see how to best fill that need. --Mark Ramm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
