On Mon, Jan 26, 2009 at 4:49 PM, Gustavo Narea <m...@gustavonarea.net> wrote:
> Hello, Florent!
> On Monday January 26, 2009 13:55:07 Florent Aide wrote:
>> The issue is that the request to the db needs to filter based on a
>> parameter that is posted on the controller method I protected with
>> At the moment the check_auth function takes only "predicate" and
>> "environ" and I'd like to add some *args, **kwargs to pass in the
>> params that would then go to the decorated controller.
> You can do something like this (not tested but should work):
> from paste.request import parse_formvars, parse_querystring
> from repoze.what.predicates import Predicate
> from yourcoolapplication.model import BlogPost, DBSession
> class can_edit_post(Predicate):
> message = 'Post %(post_id)s can only be edited by its author'
> def __init__(self, post_id_variable='post_id', variable_type='GET'
> self.post_id_variable = post_id_variable
> self.variable_type = variable_type
> super(can_edit_post, self).__init__(**kwargs)
> def evaluate(self, environ, credentials):
> # Extracting the post Id from the POST/GET variables
> include_get_vars = self.variable_type == 'GET'
> vars = parse_formvars(environ, include_get_vars)
this won't work with urls of the form:
and thus we'll need to devise something more, like introspection of
the decorated controller's method's args...
Repoze-dev mailing list