Hi,
I'm trying to use identity to make sure that users can only edit their
own documents. The way I've set it up (using 0.9a6) is to create a
separate permission for each user. So if the user "johndoe" has the
permission "johndoe" then they are free to do what they want with their
own stuff.
My root controller inherits from identity.SecureResource as suggested
in the wiki. I then have a method require_user_permission() in the
controller:
def require_user_permission(self):
if identity.current.anonymous:
raise identity.IdentityException()
if (identity.current.id not in identity.current.permissions):
raise identity.IdentityException()
This method is called at the beginning of every exposed method that
requires identification. If I understand the wiki correctly, these
exceptions should be caught by the controller (since it derives from
SecureResource) and then dealt with by redirecting to the login page.
However, when I run it the exception is not caught and I get an error:
File "/Users/tobiasbrandvik/Desktop/demo/demo/controllers.py", line 57,
in document
self.require_user_permission()
File "/Users/tobiasbrandvik/Desktop/demo/demo/controllers.py", line
41, in require_user_permission
raise identity.IdentityException()
IdentityException: <bound method Root.document of
<demo.controllers.Root object at 0x20bb550>>
If I use decorators to check for something simpler than individual
permissions, everything is ok and I get redirected to the login page.
Any pointers on what I'm doing wrong would be welcome!
Regards,
Tobias.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/turbogears
-~----------~----~----~----~------~----~------~--~---
