Hi! Sounds like some row level permission problem. This is possible with the mercurial version of rum http://python-rum.org/
See TgRumDemo's policy
http://hg.python-rum.org/TgRumDemo/file/5f744fb4f973/tgrumdemo/policy.py#l1
http://groups.google.com/group/rum-discuss/browse_thread/thread/526e1bb38479915

Michael

On 7 Apr., 22:10, frankentux <[email protected]> wrote:
> Is there a suggestion for how to implement something like this
> efficiently:
>
> group | contract | permission
> -----------------------------------------------------------------
> 1     | 3        | 2
> 1     | 4        | 3
> 2     | 3        | 2
>
> where for example, permission 2 is read and permission 3 is write
> Each group would have any number of members - which raises an issue
> with the permissions.
> I originally thought about each user having a private group where only
> he/she has write permission
> (kind of like the way red hat handles a user's default group on
> linux). Thus each contract would have
> at least one group owner with write access - namely the owner's
> private group.
>
> What I'm trying to achieve is a clear permissions based model where
> the typical business setup of
> a human contract manager (user) existing in a contract management team
> (group A) can read/write group
> contracts from group A but can only read contracts from group B.
> Additionally, it might be a good idea to
> allow contract managers to grant read only permission to either
> anonymous users or to anyone logged in but not
> a member of a generic "contract_manager_group".
>
> For each contract_manager group, a designated user could be granted
> permission to allow users to join and to grant them
> read and/or write permission.
>
> Currently, this is implemented in model/schema.py
> (http://code.google.com/p/pycontraxx/source/browse/trunk/pycontraxx/mo...
> ).
> When a user visits http://app/contract/manage/$contract_id he is
> denied access unless logged in. If access is granted, the scope of the
> access is tested by
> checking what id is requested ($contract_id) and checking if the user
> is in any group listed in contract.groups and if said group has e.g.
> rw permission listed in groups.permissions. This seems a bit primitive
> though and I'm sure there's a much more elegant way of doing this
> using repoze.... but so far I'm stuck
> on repoze as I seem to have to test using a decorator ( @require
> (predicates.in_group('contract_managers', msg=l_('Only for contract
> managers'))) ) before accessing the args sent to the controller method
> (in the case above, the contract_id). If I could manage to get this
> working using predicates, I'm sure it would make the app much more
> flexible down the road.
>
> Any ideas :) ?
>
> On 7 Apr., 15:08, frankentux <[email protected]> wrote:
>
> > Started a Google Code Project: http://code.google.com/p/pycontraxx/
>
> > Anonymous SVN (I think you have to join the project before getting RW
> > permissions)
> > svn checkout http://pycontraxx.googlecode.com/svn/trunk/pycontraxx-
> > read-only
>
> > Currently there is only a standard paster quickstart -s with
> > authentication enabled plus
> > a schema.py under pycontraxx/model/ which contains the business logic
> > (probably should be
> > split out into multiple files?). There is also some controller code
> > set up - but this was mostly me
> > playing with repoze and rapidly figuring out that it was going to be
> > more difficult than I thought
> > to implement group level access restrictions to contracts and
> > projects.
>
> > On Apr 6, 6:33 pm, frankentux <[email protected]> wrote:
>
> > > Given that the project is only in the starting stages (I've put
> > > together a rough model which is getting more complicated by the day),
> > > I'm looking firstly for help with "conceptualising" the project:
> > > - improving the model (having problems at the moment with user/group/
> > > contract where trying to implement ro,rw)
> > > - user admin interface (whereby a group "owner" can add/remove group
> > > members and determine the scope of their access to contracts)
> > > - using existing form widgets/creating new form widgets to handle
> > > entering contracts along with projects, contract parties, contract
> > > documents
> > > - event based notifications on a per user or per group basis (e.g.
> > > contract xyz will expire in 30 days if not renewed)
> > > - timeline showing what's coming up (events such as contract renewal
> > > deadline, contract expiry)
> > > - not sure if this is overkill, but it would be cool to have a kind
> > > of svn backend to handle uploaded contracts (odt, doc, pdf)
>
> > > Maybe if I just post the entire model? Or upload everything I have to
> > > google code or something like that?
>
> > > On Apr 6, 5:40 pm, Mark Ramm <[email protected]> wrote:
>
> > > > Right now this mailing list is the right place. Let us know a couple
> > > > details of what kind of help you're looking for and when you need it
> > > > and I'm sure some people will reply to you off list.
>
> > > > --Mark Ramm
>
> > > > On Mon, Apr 6, 2009 at 10:32 AM, frankentux
> > > > <[email protected]> wrote:
>
> > > > > I was wondering if there is a kind of a "help wanted" feature - either
> > > > > here on the mailing list, or on the turbogears.org site. Specifically,
> > > > > I want to pick up development of a contract management application
> > > > > using turbogears2 - it's a pretty big project though.
>
> > > > > Thus, does anyone know where I could post a "looking for help" notice
> > > > > - somewhere that turbogears users would find it?
>
> > > > --
> > > > Mark Ramm-Christensen
> > > > email: mark at compoundthinking dot com
> > > > blog: www.compoundthinking.com/blog

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
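
The per-contract check described in the quoted question (is the user in any group granted on the contract, and does that group hold the needed level), as an added example that is not part of the thread and not code from pycontraxx, rum or repoze. The table names `membership` and `grants`, the users and the function names are assumptions; the three grant rows and the levels 2 (read) and 3 (write) are those from the post.

```python
import sqlite3

READ, WRITE = 2, 3  # permission levels used in the table in the post

class Forbidden(Exception):
    """Raised when the caller lacks the needed permission on a contract."""

def make_db():
    # Constructed sample data: the three grant rows from the post plus
    # assumed users (alice in group 1, bob in group 2, carol in both).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE membership (user_id TEXT, group_id INTEGER,
                                 PRIMARY KEY (user_id, group_id));
        CREATE TABLE grants (group_id INTEGER, contract_id INTEGER,
                             permission INTEGER,
                             PRIMARY KEY (group_id, contract_id));
        INSERT INTO grants VALUES (1, 3, 2), (1, 4, 3), (2, 3, 2);
        INSERT INTO membership VALUES
            ('alice', 1), ('bob', 2), ('carol', 1), ('carol', 2);
    """)
    return db

def effective_permission(db, user_id, contract_id):
    # One indexed join: the highest level any of the user's groups holds on
    # this contract. No matching row yields 0, so the default is deny.
    row = db.execute(
        "SELECT COALESCE(MAX(g.permission), 0) FROM grants g "
        "JOIN membership m ON m.group_id = g.group_id "
        "WHERE m.user_id = ? AND g.contract_id = ?",
        (user_id, contract_id)).fetchone()
    return row[0]

def require_contract_access(db, user_id, contract_id, needed):
    # Object-level check, called inside the controller method where
    # contract_id is known, after the login / group-membership gate.
    if user_id is None:
        raise Forbidden("login required")
    if effective_permission(db, user_id, contract_id) < needed:
        # Same error for "not granted" and "no such contract", so the
        # response does not reveal which contract ids exist.
        raise Forbidden("no access to this contract")
    return True

def readable_contracts(db, user_id):
    # List views filter in the query instead of checking row by row.
    rows = db.execute(
        "SELECT DISTINCT g.contract_id FROM grants g "
        "JOIN membership m ON m.group_id = g.group_id "
        "WHERE m.user_id = ? AND g.permission >= ? ORDER BY g.contract_id",
        (user_id, READ)).fetchall()
    return [r[0] for r in rows]
```

A group-membership decorator alone only answers "is this a contract manager"; the call to `require_contract_access` inside the method is what ties the decision to the requested contract id.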

