class kotti.request.Request(environ, charset=None, unicode_errors=None, decode_param_names=None, **kw)[source]

Bases: Request

Kotti subclasses pyramid.request.Request to make additional attributes / methods available on request objects and override Pyramid’s pyramid.request.Request.has_permission(). The latter is needed to support Kotti’s concept of local roles not just for users but also for groups (kotti.security.list_groups_callback()).


Add the authenticated user to the request object.


the currently authenticated user

Return type

kotti.security.Principal or whatever is returned by the custom principals database defined in the kotti.principals_factory setting

has_permission(permission: str, context: Optional[object] = None) Union[Allowed, Denied][source]

Check if the current request has the given permission on the current or explicitly passed context. This is different from pyramid.request.Request.has_permission`() in that a context other than the one bound to the request can be passed. This allows to consider local roles for the check.

  • permission (str) – name of the permission to check

  • context (kotti.resources.Node) – context for which the permission is checked. Defaults to the context on which the request invoked.


True if has_permission, False else

Return type