caneypuggies team mailing list archive

Thread
Date

Checking user permissions in a template

To: CaneyPUGgies Team <caneypuggies@xxxxxxxxxxxxxxxxxxx>
From: Tim Black <tim@xxxxxxxxxxxxxxxxxx>
Date: Thu, 11 Nov 2010 13:48:12 -0600
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6

Hi Robbi,

I figured out how to check user permissions in a template.  First,
(after logging in to the app), as a way of exploring the contents of
request.identity (this is sometimes called "introspection"), I put this
within the body tag in master.html:

      <div py:for="i in request.identity">
          ${i}       
      </div>

That prints out a list of the contents of request.identity so I could
see what's inside it.  One of request.identity's attributes that was
listed is called "permissions."  So I change the code above to read:

      <div py:for="i in request.identity.permissions">
          ${i}       
      </div>

And it printed out "edit" as the permission that is in
request.identity.permissions when I'm logged in as the "editor" user
(but it throws an error if I'm not logged in).

So the way to hide a menu item if a user does not have the 'manage'
permission is like this:

<li py:if="request.identity and ('manage' in
request.identity.permissions)" id="admin" class="loginlogout"><a
href="${tg.url('/admin')}">Admin</a></li>

Robbi, can you finish hiding whatever other menu items should probably
be hidden from users who are not the owners of a Reformed Churches
Locator website?  A list of some of those menu items is in your
blueprint
<https://blueprints.launchpad.net/reformedchurcheslocator/+spec/hide-menu-items-unless-manager>.

Tim