Pylons / pyramid

Pyramid - A Python web framework
https://trypyramid.com/

How to create a custom permission #3682

Closed justintim-es closed 2 years ago

justintim-es commented 2 years ago

Hi, https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#protecting-views explains how to use a permission, but how do we create the 'add' permission?

mmerickel commented 2 years ago

Please post usage questions to the mailing list at pylons-discuss@googlegroups.com.

The security policy above has a permits() method that receives the permission - it is the responsibility of this method to handle the permission and determine the access. Often this is abstracted using the ACLHelper. You'll see lots of examples of this in the tutorials.

luhn commented 2 years ago

You don’t need to “create” a permission, per se, you can use any arbitrary string and then update your ISecurityPolicy.permits method to Allow/Deny appropriately based on that permission. See the next section: https://docs.pylonsproject.org/projects/pyramid/en/latest/narr/security.html#allowing-and-denying-access-with-a-security-policy

That method uses “read”, “write”, “delete”, but you could swap “add” in there as well.

(It is a bit confusing that we aren’t consistent with permission names throughout the tutorial…)

— Theron


luhn commented 2 years ago

Whoops, didn't even realize this was GitHub and not the mailing list...
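
The approach described in the replies above, as an added example that is not part of the thread or Pyramid's own code: a security policy whose `permits()` treats `'add'` as an ordinary string and denies anything it does not recognise. The role table, session keys, `RoleSecurityPolicy` and `check` are assumptions made for illustration, and the `Allowed`/`Denied` stand-ins are used only when Pyramid is not installed.

```python
from types import SimpleNamespace

try:
    from pyramid.security import Allowed, Denied
except ImportError:  # assumption: truthy/falsy stand-ins when Pyramid is absent
    class Allowed(str):
        def __bool__(self):
            return True
    class Denied(str):
        def __bool__(self):
            return False

# Hypothetical role table. "add" is only a string; nothing registers it.
ROLE_PERMISSIONS = {"editor": {"read", "add", "write"}, "viewer": {"read"}}


class RoleSecurityPolicy:
    """Sketch of a security policy; session keys and roles are assumptions."""

    def identity(self, request):
        role = request.session.get("role")
        if role not in ROLE_PERMISSIONS:
            return None  # unknown or missing role: treat as anonymous
        return {"userid": request.session.get("userid"), "role": role}

    def authenticated_userid(self, request):
        identity = self.identity(request)
        return identity["userid"] if identity else None

    def permits(self, request, context, permission):
        identity = self.identity(request)
        if identity is None:
            return Denied("not signed in")
        if permission in ROLE_PERMISSIONS[identity["role"]]:
            return Allowed(f"{identity['role']} may {permission}")
        # Default deny also catches a misspelled permission on a view.
        return Denied(f"{identity['role']} may not {permission}")

    def remember(self, request, userid, **kw):
        return []  # no headers: the session is assumed to be set elsewhere

    def forget(self, request, **kw):
        return []


def check(role, permission):
    """Ask the policy directly, using a constructed stand-in request."""
    request = SimpleNamespace(session={"userid": "u1", "role": role})
    return bool(RoleSecurityPolicy().permits(request, None, permission))
```

In an application the policy is registered with `config.set_security_policy(RoleSecurityPolicy())`, and a view is protected with `@view_config(permission='add')`.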