Hello, everybody. I already mentioned this in another email, but I think it deserves its own thread.

In trunk I've implemented a class decorator that sets controller-wide access rules (@tg.protect), based on the @ControllerProtector decorator in the new repoze.what-pylons package. So, right now the following controllers are equivalent:

> class ControlPanel(BaseController):
>     allow_only = has_permission('manage')
>
>     def _failed_authorization(self, reason):
>         if response.status.startswith('401'):
>             status = 'warning'
>         else:
>             status = 'error'
>         flash(reason, status)
> ---
> @protect(has_permission('manage'))
> class ControlPanel(BaseController):
>     pass

From my point of view, @protect is *much* more elegant, extensible and maintainable (more on why it's extensible in the repoze.what-pylons documentation). It's also more reliable/clear because, in a nutshell, what it does is decorate Controller.__before__ with a @require.

The Controller.allow_only feature is controversial (some of us think it's best to prepend one or two underscores) and it's maintained in the TG package itself (while @protect is a simple subclass of a decorator maintained in a third-party package).

So, I propose that we drop Controller.allow_only and stick to @protect.

What do you think?

Cheers.

--
Gustavo Narea <http://gustavonarea.net/>.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
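
The mechanism the message describes (a class decorator that guards a whole controller by wrapping its __before__ hook with an authorization check), as an added example that is not part of the original email and is not repoze.what or TurboGears code. NotAuthorized, dispatch and the dict-based environ are assumptions made for this sketch, and has_permission and protect here are toy stand-ins for the real predicate and decorator.

```python
import functools


class NotAuthorized(Exception):
    """Hypothetical denial signal carrying an HTTP-style status."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status, self.reason = status, reason


def has_permission(name):
    """Toy predicate factory (stand-in): checks a dict-based environ."""
    def check(environ):
        user = environ.get("user")
        if user is None:                       # anonymous: authentication needed
            raise NotAuthorized(401, "login required")
        if name not in user.get("permissions", ()):
            raise NotAuthorized(403, "permission %r required" % name)
    return check


def protect(predicate):
    """Class decorator: evaluate `predicate` in __before__, ahead of any action."""
    def decorate(cls):
        original = getattr(cls, "__before__", lambda self, environ: None)

        @functools.wraps(original)
        def guarded_before(self, environ):
            predicate(environ)                 # raises before the action runs
            return original(self, environ)

        cls.__before__ = guarded_before
        return cls
    return decorate


class BaseController:
    """Minimal dispatcher (assumption): __before__ runs before every action."""
    def __before__(self, environ):
        pass

    def dispatch(self, action, environ):
        self.__before__(environ)
        return getattr(self, action)()


@protect(has_permission("manage"))
class ControlPanel(BaseController):
    def index(self):
        return "control panel"
```

In this sketch a subclass that overrides __before__ without calling the parent's version drops the check, so the decorator belongs on the class that is actually routed.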