1

Similar to: Dynamic user based authorization in Pyramid

Using URL dispatch, I want to dynamically assign a permission to a user where the resource is his/her profile page e.g. /aclark4life:

  • Anonymous visitors can access any user profile to see his/her activity.
  • Authenticated users can access additional content on their profile page.

I can easily assign a "manage" permission to all authenticated users, but how do I ensure authenticated users can only view private content on their profile?

E.g. The end result should be only aclark4life can view "Connect to PyPI":

enter image description here

But anonymous viewers cannot:

enter image description here

Community
  • 1
  • 1
aclark
  • 4,345
  • 1
  • 19
  • 31
  • 1
    I've wondered the same... I've got permissions set and managed for entire views in my pyramid apps, but usually end up hard coding conditions to optionally hide or display content within the view template based on whatever access the logged in user has. – Peter Tirrell Oct 21 '13 at 11:33
  • I know of a way, but are you using traversal with url dispatch? – Tom Willis Oct 21 '13 at 18:11
  • 2
    No traversal (unless you count the traversal that happens by default). And I've come up with something that works with help from Michael Merickel. Will post an answer soon. – aclark Oct 22 '13 at 09:42
  • @aclark Any update on what up ended up working for you? – Peter Tirrell Nov 08 '13 at 15:03
  • @PeterTirrell The working code is here: https://github.com/pythonpackages/pythonpackages, haven't had a chance to answer the question yet though, sorry! – aclark Nov 08 '13 at 21:49

0 Answers0