durusmail: quixote-users: altdemo to also show form-based login and page access control
altdemo to also show form-based login and page access control
Mario Ruggier
2005-03-01
On Mar 1, 2005, at 1:48 PM, David Binger wrote:
> Here's what we have instead of using NotLoggedInError.
> I think the behavior the client sees is similar to what you describe
> below, in that there is no special login URL.
> We just call ensure_signed_in() anywhere where we are about to
> expose information that requires authentication.
>
> from quixote import get_publisher, get_response, get_user
>
> def ensure_signed_in(msg="Please sign in."):
>     import dulcinea.ui.user.signin
>     if not get_user():
>         page = dulcinea.ui.user.signin.SignIn().form(login_reason=msg)
>         if not get_user():
>             get_response().set_body(page)
>             get_publisher().respond_now() # raises RespondNow,
>
> We have similar, but simpler functions "not_found()",
> "invalid_query()", and "redirect()", all
> of which set the response body, status, and headers as needed, and
> then raise RespondNow.
> Quixote doesn't need to have any knowledge about particular
> application-level exceptions.

The genericity of RespondNow and how it is handled is attractive. So
you are basically putting the error specifics in the preparation of
the response object, prior to doing a respond_now. So, those error
specifics have more of a chance of staying together in one place... ?

What is not clear to me is what is the special role of Dulcinea here,
other than serving as the utility that provides the source for the
login page? Handling of RespondNow is done by the Publisher, entirely?

ensure_signed_in() would still be called from a _q_access, typically?

How would this scale to the situation of having several user roles,
with different privileges, e.g. for an admin page, where being signed in
would not suffice? This would just be an additional elif clause in
ensure_signed_in(), that checks also the page's accessibility level, as
well as the user's role/privileges, and what is set on the response?

So, in this scheme one would not need to subclass the Publisher to
handle application-specific exceptions?

But possibly the most attractive thing about RespondNow is that it is
completely http-centric, which seems highly appropriate here...

mario
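
Added example, not part of the original messages and not Quixote or Dulcinea code: a self-contained Python sketch of the pattern discussed in this thread, where a guard prepares the response and raises a generic RespondNow that the publisher catches without knowing any application-level exception. `Context`, `Response`, `publish`, `ensure_role`, `admin_page` and the 200/403 status codes are assumptions made for illustration; only the names `ensure_signed_in`, `respond_now` and `RespondNow` come from the thread.

```python
# Added sketch: stand-in classes, not Quixote or Dulcinea code.
from dataclasses import dataclass, field
from typing import Optional

class RespondNow(Exception):
    """Signals that the response is already fully prepared."""

@dataclass
class Response:
    status: int = 200
    body: str = ""

@dataclass
class Context:  # hypothetical per-request state
    roles: Optional[frozenset] = None  # None means not signed in
    response: Response = field(default_factory=Response)

def respond_now(ctx, status, body):
    ctx.response = Response(status, body)
    raise RespondNow

def ensure_signed_in(ctx, msg="Please sign in."):
    if ctx.roles is None:
        # Login form is served at the requested URL (status 200 is assumed).
        respond_now(ctx, 200, "LOGIN FORM: " + msg)

def ensure_role(ctx, role):
    ensure_signed_in(ctx)  # authentication first, then authorization
    if role not in ctx.roles:
        respond_now(ctx, 403, "Forbidden")

def admin_page(ctx):
    ensure_role(ctx, "admin")  # guard runs before any protected data is built
    return "admin data"

def publish(handler, roles=None):
    """Stand-in publisher: its only special case is the generic RespondNow."""
    ctx = Context(roles=roles)
    try:
        ctx.response.body = handler(ctx)
    except RespondNow:
        pass  # whoever raised has already set status and body
    return ctx.response
```

Because the guard raises before the handler returns, the protected body is never assigned to the response for an anonymous or under-privileged caller.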


