On Sat, Nov 12, 2016 at 9:25 AM, Zsolt Ero <zsolt....@gmail.com> wrote: > Here is what I see: > - The way Pyramid does everything super flexibly (URL structure, the view > callables, the role concepts, and the permissions as you said it) can make > it very complicated to do otherwise simple things, such as making a > request.route_allowed()... > - If request.route_url() exists and works, why can we not make > request.route_allowed()? I understand that one route may point to multiple > views, but that mechanism is implemented already, since Pyramid can decide > what to do on every incoming request.
I'll defer to other core developers on this. > - The only thing what I can imagine is not obvious from a request and a > route_url is the GET/POST, etc. kind, since the user might want to change > that between requests. (For example calling a form, etc.). > > So why can we not make a simple request.route_allowed(**kwargs, > method='GET') method, where kwargs would be the same as for route_url()? You have a point there, true means it's allowed for at least some kind of request, and it's up to the application writer to know what those are. Although it might as well default to GET because this is for showing regular hyperlinks, and regular hyperlinks can only do GET. A POST would either imply a form has been shown and the POST should be allowed, or it's an AJAX request in which case the app developer should know whether it's allowed. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAH9f%3Duo5riRqJ_V9TyGKUeu-kKOCCVhHrikoU9-g4YsKyK1VpA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
