On Apr 9, 8:24 am, Michael Brickenstein <[email protected]> wrote:
> I would maybe add a relation writeable_contracts to the group entity (-> join
> conditions in sqlalchemy).
This sounds like exactly what I need. I would also have to create a
similar group_can_read_contracts and then take care that when I aim to
add write permission for a group, I automatically also create read
permission. Currently I am doing this with SQL triggers.
With respect to read_only access, I want to create layers which can be
configured by a contract manager:
(1) anonymous (can anonymous users read some contracts? useful maybe
    for templates etc)
(2) any_logged_in (users logged in but not a member of the global
    contract_manager group - could include product managers etc)
(3) contract_manager (define permissions that any contract_manager
    should have)
(4) group
I'll try to get this working on a simplified model...
> Once you have that, you should be able to achieve a predicate, which
> you can register
>
> def group_can_write_contracts(policy, obj, action, attr, user):
>     contract = obj
>     for group in user.groups:
>         if contract in group.writeable_contracts:
>             return True
>     return Denial("Only members of ... groups can write this contract")
> YourPolicy.register(group_can_write_contracts, obj=Contract,
>                     action=...,...)
>
> Michael
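The read layers and the write-implies-read rule discussed in this thread, as an added example that is not part of the original messages and does not use the TurboGears or policy API. It is plain Python; `read_layers`, `readable_contracts`, `grant_write` and `revoke_read` are hypothetical names, and dropping write when read is revoked is an assumption added here.

```python
from dataclasses import dataclass, field

# Read layers named in the message; a contract manager opens them per contract.
ANONYMOUS, ANY_LOGGED_IN, CONTRACT_MANAGER = "anonymous", "any_logged_in", "contract_manager"

@dataclass(eq=False)  # eq=False keeps identity hashing so instances can live in sets
class Contract:
    title: str
    read_layers: set = field(default_factory=set)

@dataclass(eq=False)
class Group:
    name: str
    readable_contracts: set = field(default_factory=set)   # hypothetical relation
    writeable_contracts: set = field(default_factory=set)  # relation from the thread

    def grant_write(self, contract):
        # Write implies read: both grants happen in one place, not in a trigger.
        self.writeable_contracts.add(contract)
        self.readable_contracts.add(contract)

    def revoke_read(self, contract):
        # Assumption: write must not outlive read, so both are dropped together.
        self.readable_contracts.discard(contract)
        self.writeable_contracts.discard(contract)

@dataclass(eq=False)
class User:
    name: str
    groups: list = field(default_factory=list)

def can_write(user, contract):
    # Anonymous (user is None) never writes; otherwise any group grant suffices.
    return user is not None and any(contract in g.writeable_contracts for g in user.groups)

def can_read(user, contract):
    if ANONYMOUS in contract.read_layers:        # layer 1
        return True
    if user is None:                             # nothing else applies to anonymous
        return False
    if ANY_LOGGED_IN in contract.read_layers:    # layer 2
        return True
    names = {g.name for g in user.groups}
    if CONTRACT_MANAGER in contract.read_layers and CONTRACT_MANAGER in names:  # layer 3
        return True
    return any(contract in g.readable_contracts for g in user.groups)           # layer 4
```

Each check falls through to a final deny, so a contract with no layers opened and no group grant is readable by nobody.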