While reading up the docs on Twisted security and HTTP auth, it seems they are all geared towards pure authentication,<div>but don&#39;t address the authorization part.</div><div><br></div><div>For example, in our other apps we often have a security setup like this</div>
<div><br></div><div>a) users with READ_ONLY_ROLE can only access GET endpoints</div><div>b) users with READ_WRITE_ROLE can access GET, POST, PUT, DELETE endpoints</div><div><br></div><div>Is there any existing Twisted-based projects that provides a role-based authorization framework on top of the core Twisted authentication APIs?</div>
<div>It would need a custom Avator with roles attached to it (fetched from DB or elsewhere)</div><div><br></div><div>Thanks</div><div>Jacek</div>