Has anyone implemented an authorization check that can look-up whether the current user owns the object they are trying to access?
For instance using repoze.what I would have made a custom predicate which retrieves the objects id from request.matchdict['id'] and looks up if the current user owns the object (each object would have a separate custom predicate). Is there a similar analog using Pyramid's authorization? Alternatively: has anyone started work on a repoze.what authorization policy? Thanks, Jason -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To view this discussion on the web visit https://groups.google.com/d/msg/pylons-discuss/-/5ETNAK0Rr0sJ. To post to this group, send email to pylons-discuss@googlegroups.com. To unsubscribe from this group, send email to pylons-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
