What is the recommended approach to making a view available only to
*unauthenticated* users? Examples of such pages would be login pages,
password reset pages, etc. I can imagine doing a check at the beginning of
the view function like
if authenticated_userid(request) is None:
# Redirect to some other page
But is there a simpler way, one that doesn't involve repeating this code on
every one of those pages. Maybe a view_config decorator?
I guess I could create a new custom decorator like @only_unauthenticated,
but better would be to create a custom parameter in the existing
view_config decorator, like @view_config(unauthenticated=True). Is
extending @view_config like this possible, how could I get access to that
custom parameter?
I'm also wondering if there's a simple way to make a page visible only to
*authenticated* users? Right now I create an ACL like
__acl__ = [(Allow, Authenticated, 'auth'), ]
Then protect the view with an 'auth' permission. Is this a good way of
doing it, or is there a simpler way. Something like
'@view_config(permission=Authenticated)'?
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/d/optout.
