On Sunday, November 28, 2010 22:16:45 Shane wrote:
> Hello,
>
> I have a controller with default authorization criteria given by:
>
> class AdminController(BaseController):
> allow_only = authorize.in_group('admin')
>
> But I want to share a few methods within AdminController with groups
> other than 'admin'. Is there a way I can override the default
> authorization criterion
> of methods within AdminController w/o adding a @require() to every
> single method
> within AdminController? I was hoping that adding a @require()
> decorator while keeping
> the allow_only would be a solution, but it is not:
>
> # Both 'admin' and 'store_manager' groups need this method. Don;t
> want to repeat myself in the
> # ManagerController, so share the method...
> @require(Any(in_group('store_manager'), in_group('admin'), msg='Only
> administrators or managers can edit Customers'))
> def editCustomer(self, id=-1, **kw):
> # Does not work. Still requires user to be in 'admin' group.'
>
> No a big deal to but in a @require in front of every method, but
> wanted to see if there was an
> easier way.
No. But is there any reason not to split up the two sets of actions into two
separate controllers?
Diez
--
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en.
