Hi, I'm using Cornice <https://github.com/Cornices/cornice> and Pyramid <https://github.com/Pylons/pyramid> for my REST API server, and followed the standard authorization examples using ACLs <https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#assigning-acls-to-your-resource-objects>. For example:
# The Cornice service. bills_service = Service("bills", "/api/bills", factory=BillsListContext) # The Context factory: class BillListContext(object): def __init__(self, request): pass @property def __acl__(self): return [ (Allow, "role:buyer", "get_bills"), (Allow, "role:seller", "get_bills"), ] # And the view function is then: @bills_service.get( content_type="application/json", accept="application/json", permission="get_bills", ) def get_bills(request): # … The view implementation now contains role checks (if request.user.role...) and services requests depending on the requesting user's role. My question is: is there a better way to implement views for different roles? How would I decorate view functions, each for a specified role? What is the recommended way here? Thanks! -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/605159f6-1461-4dd4-b133-88d7f0748795%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.