On Thu, Jun 12, 2014 at 8:13 PM, John Qin <[email protected]> wrote: > I have a google app engine web site. this site is using golang. There's > a page "Post", only admin allowed to access it and post articles. > in app.yaml file: > handlers: > - url: /post > script: _go_app > login: admin > here's the problem. I have 2 gmail accounts, one is [email protected], one > is [email protected]. I login as admin and post articles using both > accounts, I am afraid that as long as you have a valid gmaile account, you > can post articles. I only want one account to be admin. how do i do that? > > Are you afraid that this is the case, or have you tested and found that all Gmail accounts can post to your admin page?
The handler you posted should work properly to restrict that page to admins, unless there's a previous handler directive declaring a different login requirement. Can you try calling IsAdmin ( https://developers.google.com/appengine/docs/go/users/reference#IsAdmin ) on the */post* handler and see what it returns if non-admin accounts are using the page? ----------------- -Vinny P Technology & Media Advisor Chicago, IL App Engine Code Samples: http://www.learntogoogleit.com -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-appengine. For more options, visit https://groups.google.com/d/optout.
