durusmail: quixote-users: altdemo to also show form-based login and page access control
altdemo to also show form-based login and page access control
2005-02-28
Mario Ruggier (2 parts)
2005-02-28
Neil Schemenauer
2005-02-28
David Binger
altdemo to also show form-based login and page access control
2005-02-28
mso@oz.net
2005-03-01
Mario Ruggier
2005-03-01
David Binger
2005-03-01
Mario Ruggier
2005-03-01
David Binger
2005-03-01
Mario Ruggier
2005-03-01
David Binger
2005-03-01
Oscar Rambla
2005-03-02
Shalabh Chaturvedi
altdemo to also show form-based login and page access control
Mario Ruggier
2005-03-01
On Feb 28, 2005, at 10:20 PM, David Binger wrote:
> On Feb 28, 2005, at 3:51 PM, Mario Ruggier wrote:
>
>> Hi,
>>
>> i needed to put in place form-based login and page access control,
>> and looking around there are only bits and pieces of suggestions and
>> code to show how this is done. So I have tried to put them together
>> into a working demo, and extended altdemo.py, in qx2, to show how
>> this can be done in a clean idiom, using AccessControlled and
>> _q_access and NotLoggedInError.
>
> This may not matter, but the next Dulcinea release uses a different
> mechanism from before.
> Basically, it uses a a special exception to break out of the normal
> traversal, but the
> application code sets everything on the response before raising the
> "RespondNow" exception.
> This puts the formatting of "interrupted" traversals more directly
> under the control
> of the application program.
>
> I think Quixote would be be better if it used this pattern instead of
> PublisrErrors,
> but the change would be pretty disruptive to existing applications.

To get a better feeling of how RespondNow works, it would be nice to
see some
demo code, and preferably code that does not require the swallowing of
too much
other stuff to be digestible... i have not yet assimilated Dulcinea
enough ;-(

Other than this, I have corrected a number of typos and minor things in
the demo i sent yesterday, the most notable of which is that the login
form action is now always set to the request's PATH_INFO, such that it
is always submitted to the "target" page, and, if authorization is
required, the login page is always shown instead, and on successful
authorization, the target page is displayed, even after possibly
several failed attempts.  I'll resend it if desired.

On Mar 1, 2005, at 12:19 AM, mso@oz.net wrote:
> (._q_access() if I remember needs a kludge to do redirects, and
> doesn't do
> alternate documents without hacking.)

I am not really redirecting... from the Publisher's try_publish() I am
returning
the contents of self.root_directory.login() when publishing fails due
to a
NotLoggedInError.

mario
reply