Hmmyou bring up a good point. I'd be interested in the responses
stated here.
On Thursday, 14 June 2012 06:47:38 UTC-5, Przemyslaw wrote:
Hi!
What I need is a possibility to get the list of logged-in user's
principals in my view (so I can e.g. disable 'Edit' link for users not
Pyramid is better at answering the question what permission does the user
have?, which is likely what's controlling whether they can actually get to
the 'edit' page. Use pyramid.security.has_permission('edit',
edit_page_context, request) instead.
After evaluating the work effective_principals
On 14/06/12 15:06, Daniel Holth wrote:
Pyramid is better at answering the question what permission does the
user have?, which is likely what's controlling whether they can
actually get to the 'edit' page. Use
pyramid.security.has_permission('edit', edit_page_context, request)
instead.
Right,
On 06/14/2012 09:55 AM, Przemyslaw Wegrzyn wrote:
On 14/06/12 15:06, Daniel Holth wrote:
Pyramid is better at answering the question what permission does the
user have?, which is likely what's controlling whether they can
actually get to the 'edit' page. Use
On 14/06/12 16:17, Chris McDonough wrote:
Well, I know that authors are not happy with overall design, as
explained here http://plope.com/pyramid_auth_design_api_postmortem (and
I have to say I agree with this post 100%), but principals idea is there
anyway, so why not make it more efficient?
On 06/14/2012 10:23 AM, Przemyslaw Wegrzyn wrote:
On 14/06/12 16:17, Chris McDonough wrote:
Well, I know that authors are not happy with overall design, as
explained here http://plope.com/pyramid_auth_design_api_postmortem (and
I have to say I agree with this post 100%), but principals idea is
On 14/06/12 16:29, Chris McDonough wrote:
spanning multiple requests. Just to avoid querying it multiple times per
request.
Or do you mean it can change in the middle of a single request? That's a
scary idea :)
I just mean storing it for the single request, not a full-blown cache
Not
On Thu, Jun 14, 2012 at 7:17 AM, Chris McDonough chr...@plope.com wrote:
On 06/14/2012 09:55 AM, Przemyslaw Wegrzyn wrote:
Well, I know that authors are not happy with overall design, as
explained here
One of Pyramid's selling points is its built-in authorization. Pylons
never had that, which required me to write my own in one application or use
repoze.who/what. My own system works but is non-scalable: I punted on
multiple groups and just allowed one group per user, so we have to put