diff options
| author | Michael Merickel <michael@merickel.org> | 2013-03-18 21:00:50 -0700 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2013-03-18 21:53:28 -0700 |
| commit | 2d931400b22f4c5764df68c2799be512e60a2de1 (patch) | |
| tree | ccffb0fc6bd679b3899091a6d344de7fd8ab6e08 /docs | |
| parent | 038dcbaea40ee6e4526946115cc4c8c9bfb43c2f (diff) | |
| download | pyramid-2d931400b22f4c5764df68c2799be512e60a2de1.tar.gz pyramid-2d931400b22f4c5764df68c2799be512e60a2de1.tar.bz2 pyramid-2d931400b22f4c5764df68c2799be512e60a2de1.zip | |
support acl as a callable
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/narr/security.rst | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/docs/narr/security.rst b/docs/narr/security.rst index 5b79edd19..36c888559 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -270,6 +270,27 @@ resource instances with an ACL (as opposed to just decorating their class) in applications such as "CMS" systems where fine-grained access is required on an object-by-object basis. +Dynamic ACLs are also possible by turning the ACL into a callable on the +resource. This may allow the ACL to dynamically generate rules based on +properties of the instance. + +.. code-block:: python + :linenos: + + from pyramid.security import Allow + from pyramid.security import Everyone + + class Blog(object): + def __acl__(self): + return [ + (Allow, Everyone, 'view'), + (Allow, self.owner, 'edit'), + (Allow, 'group:editors', 'edit'), + ] + + def __init__(self, owner): + self.owner = owner + .. index:: single: ACE single: access control entry |