On 3 June, 18:22, Henning Kage <[EMAIL PROTECTED]> wrote:
> Hello,
>
> using TurboGears for half a year now, I am wondering whether it is
> possible to create a custom HTTP filter (derived from the BaseFilter
> class), that determines whether a user is able to access a site or
> not. Of course I could use the identity decorator, but decorating
> every exposed function in every controller is a bit complex.

Do you know you can set up identity checking on the controller side,
for all its methods? I don't know if it's recursive, but you can test
it.

Regards


> So what I
> need is a filter, that is executed before the controller function is
> called. I tried such a filter and connected it with the
> "on_start_resource" hook, but TurboGears initialises the identity.user
> object later at the "before_main" hook.
>
> In our application, we "stick" the appropriate object to the request,
> depending on the entered URL. That means http://host/object/12345 will
> create an object with the given ID. At this point I want to check,
> whether the logged in user has the permission to view, edit, delete
> this object, without using an identity decorator for each exposed
> function.
>
> As TurboGears starts the VisitFilter so late, I can only use my
> permission filter at the "before_finalize" hook, which works well, but
> in my opinion too late for a URL/permission filter. Has somebody
> found a way to overwrite the TurboGears VisitFilter so that the
> identity.user object is initialised earlier or another solution to
> validate URLs depending on a user's permission - without the use of
> decorators?
>
> Thanks in advance,
> Henning

