Request(environ, charset=None, unicode_errors=None, decode_param_names=None, **kw)[source]¶
pyramid.request.Requestto make additional attributes / methods available on request objects and override Pyramid’s
pyramid.request.Request.has_permission(). The latter is needed to support Kotti’s concept of local roles not just for users but also for groups (
Add the authenticated user to the request object.
Result: the currently authenticated user Return type:
kotti.security.Principalor whatever is returned by the custom principals database defined in the
has_permission(permission: str, context: object = None) → Union[pyramid.security.Allowed, pyramid.security.Denied][source]¶
Check if the current request has the given permission on the current or explicitly passed context. This is different from
pyramid.request.Request.has_permission`()in that a context other than the one bound to the request can be passed. This allows to consider local roles for the check.
- permission (str) – name of the permission to check
- context (
kotti.resources.Node) – context for which the permission is checked. Defaults to the context on which the request invoked.
True if has_permission, False else