Hello,

using TurboGears for half a year now, I am wondering whether it is possible to create a custom HTTP filter (derived from the BaseFilter class) that determines whether a user is able to access a site or not. Of course I could use the identity decorator, but decorating every exposed function in every controller is a bit complex. So what I need is a filter that is executed before the controller function is called. I tried such a filter and connected it with the "on_start_resource" hook, but TurboGears initialises the identity.user object later, at the "before_main" hook.
In our application, we "stick" the appropriate object to the request, depending on the entered URL. That means http://host/object/12345 will create an object with the given ID. At this point I want to check whether the logged-in user has the permission to view, edit or delete this object, without using an identity decorator for each exposed function. As TurboGears starts the VisitFilter so late, I can only use my permission filter at the "before_finalize" hook, which works well, but is in my opinion too late for a URL/permission filter.

Has somebody found a way to overwrite the TurboGears VisitFilter so that the identity.user object is initialised earlier, or another solution to validate URLs depending on a user's permission, without the use of decorators?

Thanks in advance,
Henning
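
Added example, not part of Henning's message and not TurboGears or CherryPy code: a simplified Python model of the hook order named in the post, showing what a central permission check sees at each hook for a delete request. The classes, the users alice and mallory, and the ACL are constructed, and running filters on the same hook in list order is an assumption of the model.

```python
# Simplified model of a hook pipeline; NOT TurboGears/CherryPy code.
# Hook names come from the post; classes, users and ACL are constructed.
PRE_HANDLER = ("on_start_resource", "before_main")
POST_HANDLER = ("before_finalize",)

class Forbidden(Exception):
    pass

class Request:
    def __init__(self, path, session_user):
        self.obj_id = int(path.rsplit("/", 1)[1])  # "stick" object to request
        self.session_user = session_user           # who the visit cookie maps to
        self.user = None                           # stands in for identity.user

class VisitFilter:
    def before_main(self, req, acl):               # identity is set up here
        req.user = req.session_user

class PermissionFilter:
    def __init__(self, hook):
        setattr(self, hook, self.check)            # bind the check to one hook
    def check(self, req, acl):
        if req.obj_id not in acl.get(req.user, set()):
            raise Forbidden()

def run(filters, hooks, req, acl):
    for hook in hooks:                             # hooks in pipeline order
        for f in filters:                          # filters in list order
            method = getattr(f, hook, None)
            if method:
                method(req, acl)

def handle(path, session_user, permission_hook):
    """Return (status, object_still_exists) for a delete request."""
    store = {12345}                                # constructed object store
    acl = {"alice": {12345}}                       # constructed permissions
    req = Request(path, session_user)
    filters = [VisitFilter(), PermissionFilter(permission_hook)]
    try:
        run(filters, PRE_HANDLER, req, acl)
        store.discard(req.obj_id)                  # controller side effect
        run(filters, POST_HANDLER, req, acl)
        status = 200
    except Forbidden:
        status = 403
    return status, 12345 in store

if __name__ == "__main__":
    for user in ("alice", "mallory"):
        for hook in PRE_HANDLER + POST_HANDLER:
            print(user, hook, handle("/object/12345", user, hook))
```

In this model a check at "on_start_resource" rejects even the permitted user because no identity exists yet, while a check at "before_finalize" returns 403 to the unpermitted user only after the object has already been deleted.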

