>> My subclassed RequestContext object plans to intercept the
>> Context.__getitem__ call (wherein redaction will hopefully happen
>> in my custom subclass), and thus needs to be the actual object,
>> not just a dict-like object merged into the existing
>> RequestContext object.
>
> Thinking sideways, do you really need to intercept the Context
> __getitem__, or can you just add an object to the context with a custom
> __getitem__ instead? Your templates would need to do {{ someobj.foo }}
> instead of {{ foo }}.
>
> The above would work if you just want to add computed items to the
> context, but obviously won't work if for some reason you want to alter
> or filter out pre-existing items from the context.
The aforementioned "redaction" is indeed "alter[ing] or
filter[ing] out pre-existing items from the context".
The catch is that my redaction needs to know the request context
information (is it an HTTPS connection, and is this user able to
see the info in question). It makes a check based on the
internal Meta class of my models, to see if a field should be
redacted. Thus, my class might look something like
class Person(Model):
name = CharField(...)
ssn = CharField(...)
dob = DateField(...)
ccn = CharField(...)
class Meta:
# redact the social-security # and credit-card number
redacted_fields = set(['ssn', 'ccn'])
The "ssn" field and "ccn" field should only ever be shown to
authenticated users with the defined permissions, over SSL
connections. Ideally, this redaction would take place before the
values ever get to the template, so template authors can't
accidentally leak sensitive information (by forgetting a filter).
I'd also like to have it as DRY as possible, so developers
don't have to remember to put redaction in everywhere, even if
it's just one per URL entry.
It can't readily go in the URLs.py because it needs the request
info to know whether to redact or not -- the first point of
interception is in the view. However, to take advantage of
generic views, I either need to tweak the RequestContext object
to use my own (and then get the generic views to use that new
object), or to copy the existing generic-view code-base and then
edit it to do the redaction within.
-tim
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
