@@ -177,45 +177,30 @@ To protect each of our views with a particular permission, we need to pass a
177177``permission `` argument to each of our :class: `pyramid.view.view_config `
178178decorators. To do so, within ``views.py ``:
179179
180- - We add ``permission='view' `` to the decorator attached to the ``view_wiki ``
181- view function. This makes the assertion that only users who possess the
182- ``view `` permission against the context resource at the time of the request
183- may invoke this view. We've granted :data: `pyramid.security.Everyone ` the
184- view permission at the root model via its ACL, so everyone will be able to
185- invoke the ``view_wiki `` view.
186-
187- - We add ``permission='view' `` to the decorator attached to the ``view_page ``
188- view function. This makes the assertion that only users who possess the
189- effective ``view `` permission against the context resource at the time of
190- the request may invoke this view. We've granted
191- :data: `pyramid.security.Everyone ` the view permission at the root model via
192- its ACL, so everyone will be able to invoke the ``view_page `` view.
193-
194- - We add ``permission='edit' `` to the decorator attached to the ``add_page ``
195- view function. This makes the assertion that only users who possess the
196- effective ``edit `` permission against the context resource at the time of
197- the request may invoke this view. We've granted the ``group:editors ``
198- principal the ``edit `` permission at the root model via its ACL, so only
199- the a user whom is a member of the group named ``group:editors `` will able
200- to invoke the ``add_page `` view. We've likewise given the ``editor `` user
201- membership to this group via thes ``security.py `` file by mapping him to
202- the ``group:editors `` group in the ``GROUPS `` data structure (``GROUPS =
203- {'editor':['group:editors']} ``); the ``groupfinder `` function consults the
204- ``GROUPS `` data structure. This means that the ``editor `` user can add
205- pages.
206-
207- - We add ``permission='edit' `` to the decorator attached to the ``edit_page ``
208- view function. This makes the assertion that only users who possess the
209- effective ``edit `` permission against the context resource at the time of
210- the request may invoke this view. We've granted the ``group:editors ``
211- principal the ``edit `` permission at the root model via its ACL, so only
212- the a user whom is a member of the group named ``group:editors `` will able
213- to invoke the ``edit_page `` view. We've likewise given the ``editor `` user
214- membership to this group via thes ``security.py `` file by mapping him to
215- the ``group:editors `` group in the ``GROUPS `` data structure (``GROUPS =
216- {'editor':['group:editors']} ``); the ``groupfinder `` function consults the
217- ``GROUPS `` data structure. This means that the ``editor `` user can edit
218- pages.
180+ - We add ``permission='view' `` to the decorator attached to the
181+ ``view_wiki `` and ``view_page `` view functions. This makes the
182+ assertion that only users who possess the ``view `` permission
183+ against the context resource at the time of the request may
184+ invoke these views. We've granted
185+ :data: `pyramid.security.Everyone ` the view permission at the
186+ root model via its ACL, so everyone will be able to invoke the
187+ ``view_wiki `` and ``view_page `` views.
188+
189+ - We add ``permission='edit' `` to the decorator attached to the
190+ ``add_page `` and ``edit_page `` view functions. This makes the
191+ assertion that only users who possess the effective ``edit ``
192+ permission against the context resource at the time of the
193+ request may invoke these views. We've granted the
194+ ``group:editors `` principal the ``edit `` permission at the
195+ root model via its ACL, so only a user whom is a member of
196+ the group named ``group:editors `` will able to invoke the
197+ ``add_page `` or ``edit_page `` views. We've likewise given
198+ the ``editor `` user membership to this group via the
199+ ``security.py `` file by mapping him to the ``group:editors ``
200+ group in the ``GROUPS `` data structure (``GROUPS
201+ = {'editor':['group:editors']} ``); the ``groupfinder ``
202+ function consults the ``GROUPS `` data structure. This means
203+ that the ``editor `` user can add and edit pages.
219204
220205Adding the ``login.pt `` Template
221206~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
0 commit comments