Hi I am trying to work out how I could protect a specific resource/entity using repoze.what.
For instance I have a specific "Record", owned by a specific "User", and only a user with the "Owner" permission can "Edit" the record. I can't work out how you would assign "Owner" permission to the user only when accessing "Record". i.e the user in question would not be owner of any other record. It seems the group source and permission source act on a global basis and aren't context aware. And predicates check_authorization() calls only take a environ and therefore you can only protect things like URL's not entities. Am I trying to do something not possible/intended for repoze.what. I suppose I am looking for functionality similiar to zope2 permissions/roles etc... T _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev