Implementation of class-based permission system #19
Conversation
rest_gae/rest_gae.py
Outdated
There was a problem hiding this comment.
This needs to be:
permissions = self.permissions.get(method, [])
|
Awesome implementation dude! :-) |
rest_gae/rest_gae.py
Outdated
There was a problem hiding this comment.
Why not add support for a singular permission instead of just a list? e.g.
if not isinstance(permissions, list):
permissions = [permissions]There was a problem hiding this comment.
Good idea. Adding this.
|
Also - we need to verify these changes don't mess up the users.py module (that it'll still operate normally). |
|
I have tested with a trivial application that uses the users module, and it didn't break anything. That's not saying much though. I think we really need to address that test suite next. |
|
This should address the temp code that was left behind, as well as allow single permission objects instead of requiring lists. |
|
Looks like I totally neglected to implement this in users.py - I'll get that soon. |
|
Another small comment - if doing a multi-PUT - there is no validation that the user actually owns those updated models (this check should somehow be done by the Permission instance) |
|
Converting the user handler to use the permission system is going to take some time. I'm going to get some of it done tonight, but it may be a couple more days before I find the time to finish it. |
|
This is going to be more work than I thought. The users handler embeds other routes within it, such as "me", "login", "verify", and "reset". To avoid lots of special cases, I'm going to break them out into separate routes and stuff them in a multi-route. After that is done, I may be able to use our regular rest handler for users, and get rid of A lot of duplicate code. |
|
Hmmm, yeah - sorry for the work load :-/ |
2 participants
Implements #16 and fixes #18