On Wed, Feb 11, 2009 at 11:28 AM, Gustavo Narea <m...@gustavonarea.net> wrote: > > Hello, everybody. > > I already mentioned this in another email, but I think it deserves its own > thread. > > In trunk I've implemented a class decorator that sets controller-wide access > rules (@tg.protect), based on the @ControllerProtector decorator in the new > repoze.what-pylons package. > > So, right now the following controllers are equivalent: >> class ControlPanel(BaseController): >> allow_only = has_permission('manage') >> >> def _failed_authorization(self, reason): >> if response.status.startswith('401'): >> status = 'warning' >> else: >> status = 'error' >> flash(reason, status) >> --- >> @protect(has_permission) >> class ControlPanel(BaseController): >> pass > > From my point of view, @protect is *much* more elegant, extensible and > maintainable (more on why it's extensible in the repoze.what-pylons > documentation). It's also more reliable/clear because, in a nutshell, what it > does is decorate Controller.__before__ with a @require. > > The Controller.allow_only feature is controversial (some of us think it's best > to prepend one or two underscores) and it's maintained in the TG package > itself (while @protect is a simple subclass of a decorator maintained in a > third party package). > > So, I propose that we drop Controller.allow_only and stick to @protect. > > What do you think?
class decorators? what about everyone not in py2.6? I think way back when allow_only was created we agreed it was a good compromise before class decorators where introduced. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to turbogears-trunk@googlegroups.com To unsubscribe from this group, send email to turbogears-trunk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---