I have been playing with TG for two days now and I must say that until now I like it. ;-}
With the identity module you go to a login page when you do not have enough credentials. Is it possible to make a difference between a user that is not logged in (login page) and a logged in user that has not enough credentials (entry denied)?
> I have been playing with TG for two days now and I must say that until
> now I like it. ;-}
>
> With the identity module you go to a login page when you do not have
> enough credentials. Is it possible to make a difference between a user
> that is not logged in (login page) and a logged in user that has not
> enough credentials (entry denied)?
Yes, you can, but this is a feature of the identity framework that isn't really documented well (i.e. not at all ;-)).
You can set the configuration setting 'identity.failure_url' to a callable, which will get evaluated every time an IdentityFailure exception occurs. In this function you can then check
a) if the user is anonymous (not logged in)
b) what the error message(s) of the IdentityFailure exception are
and then return different URLs depending on this info.
Example (untested):
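    import cherrypy
    from turbogears import identity, url

    def failure_url():
        # Logged-in user whose failure concerns 'foo': show "access denied"
        if (identity.current.not_anonymous and
                'foo' in cherrypy.request.identity_errors):
            return url('/access_denied')
        # Everything else goes to the login page
        return url('/login')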
See the code for 'turbogears.identity.exceptions' (set_identity_errors, IdentityFailure) and turbogears.identity.conditions (Predicate, require) for particulars.
As a simpler, but less general alternative, you can test for the required permissions *within* your controller method and then just do the redirect yourself. If you are just redirecting to an "Access denied" page, you probably don't need to care about retaining request parameters across redirects.
Example (also untested):
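    from turbogears import controllers, expose, identity, redirect

    class MyController(controllers.Controller, identity.SecureResource):
        @expose('bla')
        def bla(self):
            if 'foo' not in identity.current.permissions:
                # Logged in but lacking 'foo': go to the "Access denied" page
                if identity.current.not_anonymous:
                    redirect('/access_denied')
                # Not logged in: let identity handle it (login page)
                raise identity.IdentityFailure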
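Added example (not part of the original post and not TurboGears code): a framework-free Python model of the decision described in the reply above, where the failure-URL setting is either a fixed string or a callable and the callable separates "not logged in" from "logged in but not permitted". The Identity class, the (ident, errors) call signature, check_access and the error text are stand-ins assumed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

LOGIN_URL = "/login"
DENIED_URL = "/access_denied"


@dataclass(frozen=True)
class Identity:
    """Stand-in for the current identity (hypothetical, not a TurboGears class)."""
    user: Optional[str] = None
    permissions: frozenset = frozenset()

    @property
    def anonymous(self):
        return self.user is None


def failure_url(ident, errors):
    """Callable form of the setting: choose the target from the identity state.

    `errors` is passed through so a handler can log it; the decision here
    rests on authentication state only, not on matching message text.
    """
    if ident.anonymous:
        return LOGIN_URL   # not authenticated: logging in may help
    return DENIED_URL      # authenticated but not authorized: it will not


def resolve_failure_url(setting, ident, errors):
    """Accept a fixed URL string or a callable, as described for the setting."""
    return setting(ident, errors) if callable(setting) else setting


def check_access(ident, required, setting):
    """Return (allowed, redirect_url) for a resource needing `required`."""
    if required in ident.permissions:
        return True, None
    errors = ["Permission denied: %s" % required]  # constructed message
    return False, resolve_failure_url(setting, ident, errors)


if __name__ == "__main__":
    # Constructed sample identities
    users = [Identity(), Identity("bob", frozenset({"bar"})),
             Identity("alice", frozenset({"foo"}))]
    for u in users:
        print(u.user, check_access(u, "foo", failure_url))
```

With a plain string as the setting, every failure lands on the same page, which is the behaviour the original question describes.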
2008/4/24, Christopher Arndt <chris.ar...@web.de>:
> > I have been playing with TG for two days now and I must say that until
> > now I like it. ;-}
> >
> > With the identity module you go to a login page when you do not have
> > enough credentials. Is it possible to make a difference between a user
> > that is not logged in (login page) and a logged in user that has not
> > enough credentials (entry denied)?
>
> Yes, you can, but this is a feature of the identity framework that isn't
> really documented well (i.e. not at all ;-)).
On Thu, Apr 24, 2008 at 9:44 AM, Christopher Arndt <chris.ar...@web.de> wrote:
> Cecil Westerhof wrote:
> > I have been playing with TG for two days now and I must say that until
> > now I like it. ;-}
> >
> > With the identity module you go to a login page when you do not have
> > enough credentials. Is it possible to make a difference between a user
> > that is not logged in (login page) and a logged in user that has not
> > enough credentials (entry denied)?
>
> Yes, you can, but this is a feature of the identity framework that isn't
> really documented well (i.e. not at all ;-)).
>
> You can set the configuration setting 'identity.failure_url' to a
> callable, which will get evaluated every time an IdentityFailure
> exception occurs. In this function you can then check
>
> a) if the user is anonymous (not logged in)
> b) what the error message(s) of the IdentityFailure exception are
>
> and then return different URLs depending on this info.
>
> Example (untested):
>
> def failure_url():
>     if (identity.current.not_anonymous and
>             'foo' in cherrypy.request.identity_errors):
>         return url('/access_denied')
>     return url('/login')
>
> See the code for 'turbogears.identity.exceptions' (set_identity_errors,
> IdentityFailure) and turbogears.identity.conditions (Predicate, require)
> for particulars.
>
> As a simpler, but less general alternative, you can test for the
> required permissions *within* your controller method and then just do
> the redirect yourself. If you are just redirecting to an "Access denied"
> page, you probably don't need to care about retaining request parameters
> across redirects.
>
> Example (also untested):
>
> class MyController(controllers.Controller, identity.SecureResource):
>     @expose('bla')
>     def bla(self):
>         if not 'foo' in identity.current.permissions:
>             if identity.current.not_anonymous:
>                 redirect('/access_denied')
>             raise identity.IdentityFailure
Hello Christopher,
Would be nice if what you wrote here was added to the .py file that has the code.
Just wondering, what is your / TG project preference when documenting things like this. I'm sure you could copy what you wrote here in the email and paste it to turbogears/identity/exceptions.py comment section, and that would be painless.
> On Thu, Apr 24, 2008 at 9:44 AM, Christopher Arndt <chris.ar...@web.de> wrote:
>> Cecil Westerhof wrote:
>> > With the identity module you go to a login page when you do not have
>> > enough credentials. Is it possible to make a difference between a user
>> > that is not logged in (login page) and a logged in user that has not
>> > enough credentials (entry denied)?
>>
>> Yes, you can, but this is a feature of the identity framework that isn't
>> really documented well (i.e. not at all ;-)).
>
> Would be nice if what you wrote here was added to the .py file that
> has the code.
>
> Just wondering, what is your / TG project preference when documenting
> things like this. I'm sure you could copy what you wrote here in the
> email and paste it to turbogears/identity/exceptions.py comment
> section, and that would be painless.
I'm not sure if I understand your question? Are you suggesting I should copy-and-paste what I wrote into a source code docstring? I think I should test if it actually works first ;-)
On Thu, Apr 24, 2008 at 4:07 PM, Christopher Arndt <chris.ar...@web.de> wrote:
> Lukasz Szybalski wrote:
> > On Thu, Apr 24, 2008 at 9:44 AM, Christopher Arndt <chris.ar...@web.de> wrote:
> >> Cecil Westerhof wrote:
> >> > With the identity module you go to a login page when you do not have
> >> > enough credentials. Is it possible to make a difference between a user
> >> > that is not logged in (login page) and a logged in user that has not
> >> > enough credentials (entry denied)?
> >>
> >> Yes, you can, but this is a feature of the identity framework that isn't
> >> really documented well (i.e. not at all ;-)).
> >
> > Would be nice if what you wrote here was added to the .py file that
> > has the code.
> >
> > Just wondering, what is your / TG project preference when documenting
> > things like this. I'm sure you could copy what you wrote here in the
> > email and paste it to turbogears/identity/exceptions.py comment
> > section, and that would be painless.
>
> I'm not sure if I understand your question? Are you suggesting I should
> copy-and-paste what I wrote into a source code docstring? I think I
> should test if it actually works first ;-)
Yes. I think a lot of documentation is here on the list, and sometimes if somebody with svn write access could copy and paste it into source code docstring (after testing it ;) ) it can be automatically generated via epydoc.
It would be cool if that was possible and done more often. (when time permits)