Thanks a lot Chris. Now I understand it very clear. What I'm going to do is
to put a "editing" lock in one of the wiki page, all other pages allow
everyone to view and edit. Based on the tutorial of SQLAlchemy + url
dispatch Wiki , I changed the RootFactory to the following to accomplish the
task:
george hu wrote:
> Okay, now I tried to change the RootFactory class as this:
>
> def __init__(self,environ):
> matchdict = environ['bfg.routes.matchdict']
> page = matchdict.get('pagename',None)
> if page == "APage":
> self.__acl__=[(Allow,Everyone,'view'),(Allow,'e
Chris McDonough wrote:
>
> Hi George,
>
> Have you read
> http://docs.repoze.org/bfg/1.1/narr/urldispatch.html#using-repoze-bfg-security-with-url-dispatch
>
> ?
Never mind, I see that you have.
The model object is not the context in this situation. The context is
something different. It's
george hu wrote:
> According to the document, "A common thing to want to do is to attach an
> __acl__ to the context object dynamically for declarative security
> purposes", I moved __acl__ statement from RootFactory class to the Page
> class, as in the following code:
>
> class Page(Base):
>
According to the document, "A common thing to want to do is to attach an
__acl__ to the context object dynamically for declarative security
purposes", I moved __acl__ statement from RootFactory class to the Page
class, as in the following code:
class Page(Base):
__tablename__='pages'
id = Co
