On 21 Jan, 2006, at 6:03 am, Simon Belak wrote:
There's no need to call this from the require decorator. It doesn't need any more flexibility than it already has. I don't find myself saying: "Gosh, I wish I could do XYZ in the require decorator, but I have no idea how without a generic failure function."
Try raising turbogears.redirect instead. That's what it's for, I think. Or if you need to redirect based on a specific set of errors, you should try specifying a callable for your identity-failure-url (soon to be committed).
I've been remiss about not adding enough logging to the Identity and Visit Tracking code. No admittedly, the standard logging might not be what everyone is looking for; I can envision Identity expanding to provide hooks for detailed authorisation logging.
This is a general issue which shouldn't be solved in the Identity or Visit Tracking framework. Why would you have an authorisation failure in the MIDDLE of a multi-page form? This sounds more like a programmer-didn't-think-things-through-completely problem than anything with Identity.
-- Jeff Watkins Democracy n: A country where the newspapers are pro-American. |
- [TurboGears] Re: No peak.security for 0.9 Jeff Watkins
- [TurboGears] Re: No peak.security for 0.9 Simon Belak
- [TurboGears] Re: No peak.security for 0.9 Ksenia Marasanova
- [TurboGears] Re: No peak.security for 0.9 reflog
- [TurboGears] Re: No peak.security for 0.9 Jeff Watkins
- [TurboGears] Re: No peak.security for 0.9 Phillip J. Eby
- [TurboGears] Re: No peak.security for 0.9 Kevin Dangoor
- [TurboGears] Re: No peak.security for 0.9 Phillip J. Eby
- [TurboGears] Re: No peak.security for 0... Kevin Dangoor
- [TurboGears] Re: No peak.security for 0... Jorge Godoy

