Check if a user can access a particular view
40 views
Skip to first unread message
Thijs
Feb 20, 2019, 7:04:31 AM2/20/19
to pylons-discuss
In a view I want to return a few hyperlinks to other views. However, I don't want to present users with links to views they have no permission for. Is there any way to check if a user has access to a certain view so I can omit the links to denied views?
Theron Luhn
Feb 20, 2019, 11:48:40 AM2/20/19
to pylons-...@googlegroups.com
Check out request.has_permission: https://docs.pylonsproject.org/projects/pyramid/en/latest/api/request.html#pyramid.request.Request.has_permission
— Theron
— Theron
On Feb 20, 2019, at 3:10 AM, Thijs <tda...@gmail.com> wrote:
In a view I want to return a few hyperlinks to other views. However, I don't want to present users with links to views they have no permission for. Is there any way to check if a user has access to a certain view so I can omit the links to denied views?
--
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discus...@googlegroups.com.
To post to this group, send email to pylons-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/f422ce38-287d-4b53-b95e-5c114ed8e65a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Michael Merickel
Feb 20, 2019, 12:36:20 PM2/20/19
to Pylons
Just to expand on Theron's suggestion a bit more: there is not a general solution to the problem because Pyramid's routing system is flexible enough that it's not easy to tell which view will be invoked for a particular request without actually executing the request. If you know what permission the user will need and what context the user will have then you can use request.has_permission(permission, context=context). If this isn't satisfactory then you'll have to come up with something outside of the per-request security system Pyramid provides to know what the user "could" have access to.
- Michael
To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/50EEE623-4776-4E00-A8AA-6E6613C2E2E5%40luhn.com.
Thijs
Feb 21, 2019, 10:08:29 AM2/21/19
to pylons-discuss
Many thanks, I eventually found the has_permission and settled on using that.
Mike Orr
Feb 21, 2019, 12:09:43 PM2/21/19
to pylons-...@googlegroups.com
I use 'request.has_permission' to determine which menu links and
editing buttons to show.
> To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/CAKdhhwHFsZ%2BZtfSZnster0T-g00rqMyeCQ1qMPGTxH%2Bp2njAZw%40mail.gmail.com.
Mike Orr <slugg...@gmail.com>
editing buttons to show.
Mike Orr <slugg...@gmail.com>
Reply all
Reply to author
Forward
0 new messages