Hi Folks,

I am planning to implement a "default deny" auth system for my site.
After some thinking I came up with the idea that this can be
accomplished if I use route mappings to code access level.
I could use something like:

    def __before__(self, require_permission='superuser'):

In my vision this would effectively cut off all the routes that don't
explicitly specify an access level.

Of course I am aware that I must take special precautions, like not using
the same controller action in two different route mappings, and removing
the default mappings of the kind /{controller}/{action} (which I always
do nonetheless).

Do you see some trap that I am going into with such an approach?

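The default-deny idea from the post above, as an added example that is not part of the original message and not Pylons code: a route without an explicit `require_permission` falls back to `superuser`, and an audit flags the two precautions the post names. The route table, the `anonymous` level and all function names are constructed for illustration.

```python
# Added illustration; route table, names and permission strings are constructed.
from collections import defaultdict

DEFAULT_PERMISSION = "superuser"  # same fallback as the post's __before__ default

# Constructed sample route table: (path template, route defaults)
ROUTES = [
    ("/", {"controller": "home", "action": "index", "require_permission": "anonymous"}),
    ("/admin/users", {"controller": "admin", "action": "users"}),
    ("/reports", {"controller": "report", "action": "show", "require_permission": "staff"}),
    ("/public/reports", {"controller": "report", "action": "show", "require_permission": "anonymous"}),
    ("/{controller}/{action}", {}),
]


def required_permission(defaults):
    """Permission a request matched by this route must hold (default deny)."""
    return defaults.get("require_permission", DEFAULT_PERMISSION)


def is_allowed(defaults, user_permissions):
    """Allow only if the user holds the route's required permission."""
    needed = required_permission(defaults)
    # "anonymous" is an assumed marker for routes that are explicitly public.
    return needed == "anonymous" or needed in user_permissions


def audit_routes(routes):
    """Flag catch-all routes and actions reachable at differing access levels."""
    findings = []
    levels = defaultdict(set)
    for path, defaults in routes:
        if "{controller}" in path or "{action}" in path:
            # The action is chosen by the URL, so no single level covers it.
            findings.append(("dynamic-route", path))
            continue
        key = (defaults["controller"], defaults["action"])
        levels[key].add(required_permission(defaults))
    for key, perms in sorted(levels.items()):
        if len(perms) > 1:
            # Same action mapped twice: the weaker route bypasses the stricter one.
            findings.append(("conflicting-levels", key, sorted(perms)))
    return findings


if __name__ == "__main__":
    for finding in audit_routes(ROUTES):
        print(finding)
```

Running the audit at application start-up or in a test turns both precautions into a check instead of a convention.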