[Twisted-web] Get access to Avatar from Resource object?
jacek99 at gmail.com
Wed Feb 22 11:02:58 EST 2012
I am trying to understand how Twisted Web security works, based on a few
They all explain how to set up a web app with let's say HTTP auth.
But there are no examples on how a Resource method (let;s say render_GET)
could get access to the current Avatar object?
And does the Avatar object need to implement some specific interface?
What I want to do in CorePost is to allow fine grained privilege-based
security *per method* (similar in style to Spring Security, for those who
know it), e.g.:
return ...some user info...
...create new user, etc...
If the Avatar does not have the required privileges (e.g. "BROWSE_USER" or
"UPDATE_USER" in the example above), I want to throw a 403 Access Denied
Thanks for any pointers
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Twisted-web