Gustavo Narea schrieb:
> Or the way you want to use it in your templates:
> <p py:if="evaluate(has_permission('edit-posts'))">
> Congrats! You can edit blog posts.
> </p>
That's already close to what I'd like to have, but the disadvantage here
is that you still have to either pass both "evaluate" and
"has_permission" to your template manually, or make "evaluate" and all
predicates standard template names which doesn't looke like a good idea.
Plus, security holes would be preprogrammed because I can already see
people forgetting the evaluate call and write
<p py:if="has_permission('edit-posts')">
Congrats! You can edit blog posts.
</p>
This would of course always evaluate to true.
Using the predicates via tg.access as suggested in my other post would
not have these disadvantages.
-- Christoph
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Trunk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-trunk?hl=en
-~----------~----~----~----~------~----~------~--~---
