I probably won't have much time to look at this until Tuesday or
perhaps even Wednesday. But I did find the code....
Here's the code snippet Jonathan sent me a while back::

    from pylons.controllers.util import abort
    from pylons.controllers.objectdispatch import iscontroller
    from tg import expose
    import inspect

    def walk_controller(root_class, controller):
        # Wrap lookup() so the permission check runs before dispatch continues.
        if hasattr(controller, 'lookup'):
            lookup = controller.lookup
            @expose()
            def new_lookup(*args, **kwargs):
                root_class._perform_validation()
                return lookup(*args, **kwargs)
            controller.lookup = new_lookup

        for name, value in inspect.getmembers(controller):
            if inspect.ismethod(value):
                # Exposed methods get the check as a before_call hook.
                if iscontroller(value):
                    value.decoration.hooks['before_call'].append(
                        root_class._perform_validation
                    )
            elif hasattr(value, '__class__'):
                # Skip dunder attributes, recurse into member objects.
                if name.startswith('__') and name.endswith('__'):
                    continue
                walk_controller(root_class, value)

    class SecuredControllerMeta(type):
        # Runs once per class definition, when the class object is created.
        def __init__(cls, name, bases, dict_):
            walk_controller(cls, cls)

    class SecuredController(object):
        __metaclass__ = SecuredControllerMeta

        @classmethod
        def check_permissions(cls):
            return True

        @classmethod
        def _perform_validation(cls, *args, **kwargs):
            if not cls.check_permissions():
                abort(401, 'Unauthorized')

Basically this ensures that the classmethod check_permissions is
called (at the before_call hook) for every method in the class, or any
of its member objects.
Obviously we could extend this so that we do identity predicate checks
specifically. But as long as check_permissions returns a boolean value
we're good.
And we might be able to tweak the dispatch mechanism a bit to
eliminate the need for some of this stuff. This works, but it's not
particularly efficient at object instantiation time...
--Mark
On Sun, May 11, 2008 at 12:24 AM, Mark Ramm <[EMAIL PROTECTED]> wrote:
>> nope, what ChrisP wants is to be able to protect a full controller
>> without being forced to use a decorator on each exposed method.
>> This is something that is still needed.
>
> I think I have a sample of something that could work for this
> somewhere, I'll try to post it up somewhere (or just add it to
> tgrepozewho) in the next couple of days.
>
> --Mark Ramm
>
--
Mark Ramm-Christensen
email: mark at compoundthinking dot com
blog: www.compoundthinking.com/blog
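
An added example, not part of the message above or of TurboGears: a start-up audit that walks a controller instance and lists exposed methods whose before_call hooks lack the permission check, which catches sub-controllers attached after the metaclass walk has run. The names expose, perform_validation, attach_guard and unguarded are stand-ins written for this example, and the decoration layout is assumed from the snippet in the message.

```python
import inspect
from types import SimpleNamespace

def expose(func):
    """Stand-in for tg.expose (assumption): gives the method a decoration."""
    func.decoration = SimpleNamespace(hooks={'before_call': []})
    return func

def perform_validation():
    """Stand-in for SecuredController._perform_validation."""

def attach_guard(func):
    """Register the check on one method, as the walker in the message does."""
    func.decoration.hooks['before_call'].append(perform_validation)

def unguarded(controller, check=perform_validation, path='', seen=None):
    """Return dotted paths of exposed methods whose before_call lacks check."""
    seen = set() if seen is None else seen
    if id(controller) in seen:  # break reference cycles
        return []
    seen.add(id(controller))
    missing = []
    for name, value in inspect.getmembers(controller):
        if name.startswith('__') and name.endswith('__'):
            continue
        if inspect.isroutine(value):
            decoration = getattr(value, 'decoration', None)
            if decoration is not None and check not in decoration.hooks['before_call']:
                missing.append(path + name)
        elif hasattr(value, '__dict__'):  # descend into sub-controller objects
            missing.extend(unguarded(value, check, path + name + '.', seen))
    return missing

# Constructed sample tree: `admin` is attached per instance, so a walk done
# when the Root class is created never sees it.
class Admin:
    @expose
    def delete(self):
        return 'deleted'

class Root:
    def __init__(self):
        self.admin = Admin()

    @expose
    def index(self):
        return 'index'

attach_guard(Root.index)  # the part a class-creation-time walk covers
print(unguarded(Root()))  # exposed paths that would be served unchecked
```

Run against the real root controller instance at application start, a non-empty result is a reason to refuse to serve.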