Dieter Maurer wrote:
Jephte CLAIN writes:
I have the scenario where a user can edit *its* data but not other users's data, unless he has a special role. however, the method used to edit one's data is the same. Can you not use the "Owner" role for this? I suppose not, because data is taken from a SQL database, so everyone could potentially trash others' data
Oleg advised to make edit_data unpublishable and to write wrappers around it. However, I have thought of another way to do it. Whether it is better or not, I like it because I do not have to rewrite edit_data that much. __ac_permissions__ = ( ('Use edit_data', ('edit_data', )), ('Edit one\'s data', ('check_perm_1', )), ('Edit others\' data', ('check_perm_2', )), ) check_perm1 and check_perm_2 are do-nothing methods that are protected by the permissions. In edit_data, I call them as appropriate to check for the user's permissions. any comments? regards, jephte.clain@univ-reunion.fr