Hm, I would prefer to avoid that.
On 02:58 pm, jacek99@gmail.com wrote:It's actually fine for all cases, since it lets you do anything you
>Hi, I have an extra question going back to our original discussion on
>security.
>
>If I serve a Resource Avatar from a Realm, is there any built-in way to
>attach something to the request as it is being intercepted by the
>Realm?
>
>For example, for every request I would like to create a Principal
>object
>(username,first name,last name, list of privileges, etc.) and attach it
>to
>every request that has been authenticated.
>> From the API I see, it seems you can serve a customized Resource (and
>>that
>is fine for simpler admin vs read-only authentication schemes), but in
>some
>cases you need really fine-grained APIs
want. For example, make the principal an argument to your custom
Resource, save it as an attribute, and use it to make future access
control decisions.
Jean-Paul
>(where a decorator per each REST method may be the only option), so it
>would be good for every request to be linked with the Principal that
>represents the user making the request.
>
>Thanks for any suggestions
>Jacek
_______________________________________________
Twisted-web mailing list
Twisted-web@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web