Securing your URLs in code is OK, provided you're doing it consistently perhaps using a decorator, or in a base AdminHandler. This will let you allow some calls or respond differently to non-admin calls.
You might also want to check out the users.is_current_user_admin() function. http://code.google.com/appengine/docs/python/users/functions.html And, I would also suggest looking at the @login_required decorator. You could just write a @admin_required decorator. http://code.google.com/appengine/docs/python/tools/webapp/utilmodule.html Robert On Mon, Jan 17, 2011 at 12:33, Silencer <[email protected]> wrote: > i have two apps let us call it app1 and app2 ; > > Assume that i have logged in as admin in both apps. > in my work-flow i have to do a POST request from app1 rendered page > ( http://app1.appspot.com/sourcepage ) > to and apps url ( http://app2.appspot.com/updatedata ) . > > http://app2.appspot.com/updatedata is a url secured by login:admin in > the app.yaml file > > Now in FF3.6 , when such an ajax request is done using jQuery , > FF3.6 will first send a Preflighted request ( OPTIONS request ) . > This request is sent without cookies. > So appengine returns a redirect as response. > Although i have implemented the options(self) function for the > request, the control never reaches there > > So the original POST is not send at all. > > i read in some article that the credentials will not be sent with the > Preflighted request > So in that case is there a way to make options request alone to pass > through for admin urls ? > > TO get my workflow done at last i removed login:admin from app.yaml > and > checks for user logged in and compare email id's to a set of allowed > admins. > I know it is bad programming , but still. > > Is there any thing that i miss ? > > Please help > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
