Hello, everybody.
I already mentioned this in another email, but I think it deserves its own
thread.
In trunk I've implemented a class decorator that sets controller-wide access
rules (@tg.protect), based on the @ControllerProtector decorator in the new
repoze.what-pylons package.
So, right now the following controllers are equivalent:
> class ControlPanel(BaseController):
> allow_only = has_permission('manage')
>
> def _failed_authorization(self, reason):
> if response.status.startswith('401'):
> status = 'warning'
> else:
> status = 'error'
> flash(reason, status)
> ---
> @protect(has_permission)
> class ControlPanel(BaseController):
> pass
>From my point of view, @protect is *much* more elegant, extensible and
maintainable (more on why it's extensible in the repoze.what-pylons
documentation). It's also more reliable/clear because, in a nutshell, what it
does is decorate Controller.__before__ with a @require.
The Controller.allow_only feature is controversial (some of us think it's best
to prepend one or two underscores) and it's maintained in the TG package
itself (while @protect is a simple subclass of a decorator maintained in a
third party package).
So, I propose that we drop Controller.allow_only and stick to @protect.
What do you think?
Cheers.
--
Gustavo Narea <http://gustavonarea.net/>.
Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Trunk" group.
To post to this group, send email to turbogears-trunk@googlegroups.com
To unsubscribe from this group, send email to
turbogears-trunk+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/turbogears-trunk?hl=en
-~----------~----~----~----~------~----~------~--~---
