durusmail: quixote-users: altdemo to also show form-based login and page access control
altdemo to also show form-based login and page access control
2005-02-28
Mario Ruggier (2 parts)
2005-02-28
Neil Schemenauer
2005-02-28
David Binger
altdemo to also show form-based login and page access control
2005-02-28
mso@oz.net
2005-03-01
Mario Ruggier
2005-03-01
David Binger
2005-03-01
Mario Ruggier
2005-03-01
David Binger
2005-03-01
Mario Ruggier
2005-03-01
David Binger
2005-03-01
Oscar Rambla
2005-03-02
Shalabh Chaturvedi
altdemo to also show form-based login and page access control
Shalabh Chaturvedi
2005-03-02
David Binger wrote:
> Here's what we have instead of using NotLoggedInError.
> I think the behavior the client sees is similar to what you describe below,
> in that there is no special login url.
> We just call ensure_signed_in() anywhere where we are about to
> expose information that requires authentication.
>
> def ensure_signed_in(msg="Please sign in."):
>     import dulcinea.ui.user.signin
>     if not get_user():
>         page = dulcinea.ui.user.signin.SignIn().form(login_reason=msg)
>         if not get_user():
>             get_response().set_body(page)
>             get_publisher().respond_now() # raises RespondNow,
>
> We have similar, but simpler functions "not_found()", "invalid_query()",
> and "redirect()", all
> of which set the response body, status, and headers as needed, and then
> raise RespondNow.
> Quixote doesn't need to have any knowledge about particular
> application-level exceptions.

Aha, interesting! Presumably this would simplify the following pattern I
have at the top of every protected method:

  if not session.get_user():
      return login_page(msg="You need to be..", return_to=self._q_location)

Which should be replaceable by just one line. There have been other
places I seem to recall that I needed to 'respond now', without wanting
to clutter the outer method. Very useful!

Shalabh
reply