kotti.request¶
- class kotti.request.Request(environ, charset=None, unicode_errors=None, decode_param_names=None, **kw)[source]¶
Bases:
Request
Kotti subclasses
pyramid.request.Request
to make additional attributes / methods available on request objects and override Pyramid’spyramid.request.Request.has_permission()
. The latter is needed to support Kotti’s concept of local roles not just for users but also for groups (kotti.security.list_groups_callback()
).- user¶
Add the authenticated user to the request object.
- Result
the currently authenticated user
- Return type
kotti.security.Principal
or whatever is returned by the custom principals database defined in thekotti.principals_factory
setting
- has_permission(permission: str, context: Optional[object] = None) Union[Allowed, Denied] [source]¶
Check if the current request has the given permission on the current or explicitly passed context. This is different from
pyramid.request.Request.has_permission`()
in that a context other than the one bound to the request can be passed. This allows to consider local roles for the check.- Parameters
permission (str) – name of the permission to check
context (
kotti.resources.Node
) – context for which the permission is checked. Defaults to the context on which the request invoked.
- Result
True if has_permission, False else
- Return type
bool