On Friday January 30, 2009 04:25:22 Christoph Zwerschke wrote:
> Thanks for answering that, Gustavo. I completely agree that in use cases
> as above, the can_access() function would be a better solution than
> repeating the predicate of the controller. It would be really useful to
> have such a function and I'd appreciate if you could make that happen.

OK, then let's make it! :)
http://trac.turbogears.org/ticket/2172

By the way, does anybody have a better name for that function? I don't like
can_access() too much.

> However, I can also imagine use cases where you still want to check
> predicates inside the template (or the controller), e.g. when you want
> to show some additional information on a page only when the user has the
> permission "can_view_additional_info".

I think it's better to check the predicate in the controller and then pass a
boolean variable to the template which tells if the user can see the message
or not.

For example:
"""
# in your controller:
display_message = evaluate(has_permission('manage'))
return dict(display_message=display_message)
"""
## in your template:
<p py:if="display_message">
  You are allowed to read this message.
</p>
"""

However, the evaluate() function above (which *simply* evaluates a predicate
and returns a boolean depending on whether it's met) doesn't exist yet:
http://trac.turbogears.org/ticket/2173

There's a similar function defined in repoze.what itself called
check_authorization() [1], but it's not suitable for this situation:
 1.- TG2 users don't need to use it -- TG2 does so for you when you use the
     @require decorator or the "allow_only" attribute in your controller.
 2.- It requires the environment to be passed, hence it should be proxied by
     a TG-specific function (so that you don't have to pass the environ).
 3.- It raises an exception when the predicate is not met.
 4.- It logs whether authorization failed/succeeded and why.

Possibly/Hopefully I'll implement the functions above this weekend. But if
somebody familiar with repoze.what wants to jump in, I'd appreciate it. ;-)

Cheers!

[1] http://static.repoze.org/whatdocs/Manual/Predicates.html#module-repoze.what.authorize

-- 
Gustavo Narea <http://gustavonarea.net/>.

Get rid of unethical constraints!
Get freedomware: http://www.getgnulinux.org/
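
Added example, not part of the original message and not TurboGears or repoze.what code: a self-contained sketch of the contrast described above between a check that takes the environ, logs and raises, and an evaluate() that only returns a boolean for the controller to pass to the template. The predicate class, the exception, request_ctx, the "example.permissions" environ key and this simplified check_authorization() are stand-ins constructed for the illustration.

```python
import logging
import threading

log = logging.getLogger("authz-example")

# Stand-in for the framework's per-request context (assumption, not a TG2 API).
request_ctx = threading.local()


class NotAuthorized(Exception):
    """Stand-in for the exception a raising authorization check throws."""


class has_permission:
    """Stand-in predicate: holds when the permission is listed in the environ."""

    def __init__(self, name):
        self.name = name

    def holds(self, environ):
        return self.name in environ.get("example.permissions", ())


def check_authorization(predicate, environ):
    """Raising style: caller passes the environ; outcome is logged; denial raises."""
    if not predicate.holds(environ):
        log.info("authorization denied: %r not granted", predicate.name)
        raise NotAuthorized(predicate.name)
    log.info("authorization granted: %r", predicate.name)


def evaluate(predicate):
    """Boolean style: no environ argument, no exception, no log entry."""
    environ = getattr(request_ctx, "environ", None)
    if environ is None:
        return False  # no request in progress: fail closed
    return bool(predicate.holds(environ))


def index():
    """Controller: decide here and hand the template only a boolean."""
    return dict(display_message=evaluate(has_permission("manage")))
```

The template then tests only display_message, so the authorization decision stays in one place and a missing request context hides the message rather than showing it.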
