Message from discussion No redirect when not enough credentials
From: Christopher Arndt <chris.ar...@web.de>
Date: Thu, 24 Apr 2008 16:44:17 +0200
Subject: Re: No redirect when not enough credentials
Cecil Westerhof wrote:

> I have been playing with TG for two days now and I must say that until
> now I like it. ;-}

> With the identity module you go to a login page when you do not have
> enough credentials. Is it possible to make a difference between a user
> that is not logged in (login page) and a logged in user that has not
> enough credentials (entry denied)?

Yes, you can, but this is a feature of the identity framework that isn't
really documented well (i.e. not at all ;-)).

You can set the configuration setting 'identity.failure_url' to a
callable, which will get evaluated every time an IdentityFailure
exception occurs. In this function you can then check

a) if the user is anonymous (not logged in)
b) what the error message(s) of the IdentityFailure exception are

and then return different URLs depending on this info.

Example (untested):

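import cherrypy
from turbogears import identity, url

def failure_url():
    # Logged-in user whose failure errors include 'foo': access denied page
    if (identity.current.not_anonymous and
            'foo' in cherrypy.request.identity_errors):
        return url('/access_denied')
    # Everyone else (anonymous users included) goes to the login page
    return url('/login')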

See the code for 'turbogears.identity.exceptions' (set_identity_errors,
IdentityFailure) and turbogears.identity.conditions (Predicate, require)
for particulars.

As a simpler, but less general alternative, you can test for the
required permissions *within* your controller method and then just do
the redirect yourself. If you are just redirecting to an "Access denied"
page, you probably don't need to care about retaining request parameters
across redirects.

Example (also untested):

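from turbogears import controllers, expose, identity, redirect

class MyController(controllers.Controller, identity.SecureResource):
    @expose('bla')
    def bla(self):
        if 'foo' not in identity.current.permissions:
            if identity.current.not_anonymous:
                # Logged in but lacking 'foo': the login page would not help
                redirect('/access_denied')
            # Anonymous: let the identity framework handle the failure
            raise identity.IdentityFailure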

See also
http://docs.turbogears.org/1.0/UsingIdentity#explicit-permission-chec...

HTH, Chris
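
Added example, not part of the post above and not TurboGears code: a plain-WSGI sketch of the same split, where an anonymous request is redirected to the login page with its original target retained, and a logged-in user lacking the permission gets a direct 403. The `demo.user` environ key, the `forward_url` parameter name, and the `require`/`call` helpers are assumptions made for this illustration.

```python
# Added illustration: plain WSGI, not TurboGears code. All names are hypothetical.
from urllib.parse import quote

def require(permission):
    """Guard a WSGI app: anonymous -> login redirect; logged in but
    lacking `permission` -> 403 with no redirect."""
    def wrap(app):
        def guarded(environ, start_response):
            # Assumed: an auth layer stored the user here, None if anonymous.
            user = environ.get("demo.user")
            if user is None:
                # Anonymous: send to login and keep the original target
                # (path + query) so the request can be replayed afterwards.
                target = environ.get("PATH_INFO", "/")
                if environ.get("QUERY_STRING"):
                    target += "?" + environ["QUERY_STRING"]
                location = "/login?forward_url=" + quote(target, safe="")
                start_response("302 Found", [("Location", location)])
                return [b""]
            if permission not in user["permissions"]:
                # Authenticated but not authorized: logging in again cannot
                # help, so answer 403 directly; no parameters are retained.
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"Access denied"]
            return app(environ, start_response)
        return guarded
    return wrap

@require("foo")
def bla(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"bla"]

def call(app, path, query="", user=None):
    """Drive the app once with a constructed environ; return (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"PATH_INFO": path, "QUERY_STRING": query, "demo.user": user}
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```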

