Hum, I would have stored a page/token/user/validity/last_seen association (the rule being that if a user has rights on the page, he can store a unique token to grant access to the page), and thus a user can list and revoke the granted access.

I would have decorated before repoze with an impersonation trick (loading the user based on the token if a token exists for this page), thus leaving the business logic untouched. At the end of the decorator, I would have wiped out all environ/request/middleware traces of the impersonation.

But I don't know if it works :)
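A sketch of the scheme described in the message above, as an added example that is not part of the original post and not TurboGears or repoze code. `GrantStore`, `TokenImpersonation` and the `grant` query parameter are hypothetical names, and it assumes the downstream auth layer honours a pre-set `REMOTE_USER`.

```python
import hashlib, secrets, time
from urllib.parse import parse_qs

def _gid(token):
    # Only a hash of the token is stored, so a leaked table yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()

class GrantStore:
    """Hypothetical in-memory page/token/user/validity/last_seen association."""
    def __init__(self):
        self._grants = {}  # grant id -> record

    def issue(self, user, page, ttl):
        token = secrets.token_urlsafe(32)
        self._grants[_gid(token)] = {"page": page, "user": user,
                                     "valid_until": time.time() + ttl, "last_seen": None}
        return token  # shown to the owner once, embedded in the shared link

    def list_for(self, user):
        return {g: r["page"] for g, r in self._grants.items() if r["user"] == user}

    def revoke(self, user, grant_id):
        rec = self._grants.get(grant_id)
        if rec is None or rec["user"] != user:
            return False  # only the owner may revoke
        del self._grants[grant_id]
        return True

    def resolve(self, token, page, now=None):
        now = time.time() if now is None else now
        rec = self._grants.get(_gid(token))
        if rec is None or rec["page"] != page or now >= rec["valid_until"]:
            return None  # unknown, wrong page, or expired
        rec["last_seen"] = now
        return rec["user"]

class TokenImpersonation:
    """WSGI wrapper meant to sit in front of the auth layer."""
    def __init__(self, app, store, param="grant"):
        self.app, self.store, self.param = app, store, param

    def __call__(self, environ, start_response):
        token = parse_qs(environ.get("QUERY_STRING", "")).get(self.param, [""])[0]
        user = token and self.store.resolve(token, environ.get("PATH_INFO", ""))
        if not user or environ.get("REMOTE_USER"):
            return self.app(environ, start_response)  # no valid grant: normal auth path
        environ["REMOTE_USER"] = user  # impersonate for this request only
        try:
            return list(self.app(environ, start_response))  # drain before cleanup
        finally:
            environ.pop("REMOTE_USER", None)  # wipe the trace
```

The response body is drained before the cleanup because a lazily generated body would otherwise run after `REMOTE_USER` has been removed.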

