On Mon, Jan 26, 2009 at 4:49 PM, Gustavo Narea <m...@gustavonarea.net> wrote:
> Hello, Florent!
> On Monday January 26, 2009 13:55:07 Florent Aide wrote:
>> The issue is that the request to the db needs to filter based on a
>> parameter that is posted on the controller method I protected with
>> @require.
>> At the moment the check_auth function takes only "predicate" and
>> "environ" and I'd like to add some *args, **kwargs to pass in the
>> params that would then go to the decorated controller.
> You can do something like this (not tested but should work):
>    from paste.request import parse_formvars, parse_querystring
>    from repoze.what.predicates import Predicate
>    from yourcoolapplication.model import BlogPost, DBSession
>    class can_edit_post(Predicate):
>        message = 'Post %(post_id)s can only be edited by its author'
>        def __init__(self, post_id_variable='post_id', variable_type='GET'
>                     **kwargs):
>            self.post_id_variable = post_id_variable
>            self.variable_type = variable_type
>            super(can_edit_post, self).__init__(**kwargs)
>        def evaluate(self, environ, credentials):
>            # Extracting the post Id from the POST/GET variables
>            include_get_vars = self.variable_type == 'GET'
>            vars = parse_formvars(environ, include_get_vars)

this won't work with urls of the form:


and thus we'll need to devise something more, like introspection of
the decorated controller's method's args...

Repoze-dev mailing list

Reply via email to