[TurboGears] Re: No peak.security for 0.9

[Jeff Watkins]

On 21 Jan, 2006, at 6:03 am, Simon Belak wrote: Can I just sneak some generic functions into Identity than? ;) I have no problem with adding generic functions to Identity if generic functions solve a problem that can't be solved any other way. What I would like is to have more flexibility when it comes to authentication failure. Therefore I propose adding function fail() defined as: @generic() def fail(func, errors=None): pass @fail.when(strategy.default) def _default_redirect(func, errors): raise cherrypy.InternalRedirect( current_provider.url_for_identity_failure()) Predominantly it would get called from require(), but of curse it could be triggered manually as well. There's no need to call this from the require decorator. It doesn't need any more flexibility than it already has. I don't find myself saying: "Gosh, I wish I could do XYZ in the require decorator, but I have no idea how without a generic failure function." Motivation: 1) Contextual redirection Try raising turbogears.redirect instead. That's what it's for, I think. Or if you need to redirect based on a specific set of errors, you should try specifying a callable for your identity-failure-url (soon to be committed). 2) Additional logging For example one may want to log every failed attempt to log-in as an administrator. I've been remiss about not adding enough logging to the Identity and Visit Tracking code. No admittedly, the standard logging might not be what everyone is looking for; I can envision Identity expanding to provide hooks for detailed authorisation logging. 3) Additional error handling For example properly ending a transaction, saving input of a multi-page form, etc. This is a general issue which shouldn't be solved in the Identity or Visit Tracking framework. Why would you have an authorisation failure in the MIDDLE of a multi-page form? This sounds more like a programmer-didn't-think-things-through-completely problem than anything with Identity. This enchantment is fully backwards compatible and imposes no overhead to those who do not wish to use it. So far no one has "stood up" and said: "I need to be able to X and I just can't without generic functions." And my experience managing software projects leads me to shy away from features that don't solve a problem. -- Jeff Watkins http://newburyportion.com/ Democracy n: A country where the newspapers are pro-American.