kotti.request

class kotti.request.Request(environ, charset=None, unicode_errors=None, decode_param_names=None, **kw)[source]

Bases: pyramid.request.Request

Kotti subclasses pyramid.request.Request to make additional attributes / methods available on request objects and override Pyramid’s pyramid.request.Request.has_permission(). The latter is needed to support Kotti’s concept of local roles not just for users but also for groups (kotti.security.list_groups_callback()).

user

Add the authenticated user to the request object.

Result:the currently authenticated user
Return type:kotti.security.Principal or whatever is returned by the custom principals database defined in the kotti.principals_factory setting
has_permission(permission: str, context: object = None) → Union[pyramid.security.Allowed, pyramid.security.Denied][source]

Check if the current request has the given permission on the current or explicitly passed context. This is different from pyramid.request.Request.has_permission`() in that a context other than the one bound to the request can be passed. This allows to consider local roles for the check.

Parameters:
  • permission (str) – name of the permission to check
  • context (kotti.resources.Node) – context for which the permission is checked. Defaults to the context on which the request invoked.
Result:

True if has_permission, False else

Return type:

bool