On Thu, Apr 24, 2008 at 9:44 AM, Christopher Arndt <chris.ar
...@web.de> wrote:
> Cecil Westerhof schrieb:
> > I have been playing with TG for two days now and I must say that untill
> > now I like it. ;-}
> > With the identity module you go to a login page when you do not have
> > enough credentials. Is it possible to make a difference between a user
> > that is not logged in (login page) and a logged in user that has not
> > enough credentials (entry denied)?
> Yes, you can, but this is a feature of the identity framework that isn't
> really documented well (i.e not at all ;-)).
> You can set the configuration setting 'identity.failure_url' to a
> callable, which will get evaluated every time an IdentityFailure
> exception occurs. In this function you can then check
> a) if the the user is anonymous (not logged in)
> b) what the error message(s) of the IdentityFailure exception are
> and then return different URLs depending on this info.
> Example (untested):
> def failure_url():
> if (identity.current.not_anonymous and
> 'foo' in cherrypy.request.identity_errors):
> return url('/access_denied')
> return url('/login')
> See the code for 'turbogears.identity.exceptions' (set_identity_errors,
> IdentityFailure) and turbogears.identity.conditions (Predicate, require)
> for particulars.
> As a simpler, but less general alternative, you can test for the
> required permissions *within* your controller method and then just do
> the redirect yourself. If you are just redirecting to a "Access denied"
> page, you probably don't need to care about retaining request parameters
> across redirects.
> Example (also untested):
> class MyController(controllers.Controller, identity.SecureResource):
> @expose('bla')
> def bla(self):
> if not 'foo' in identity.current.permissions:
> if identity.current.not_anonymous:
> redirect('/access_denied')
> raise identity.IdentityFailure
has the code.
