[TurboGears] Re: No redirect when not enough credentials

Thu, 24 Apr 2008 07:44:27 -0700 

Cecil Westerhof schrieb:
> I have been playing with TG for two days now and I must say that untill 
> now I like it. ;-}
> 
> With the identity module you go to a login page when you do not have 
> enough credentials. Is it possible to make a difference between a user 
> that is not logged in (login page) and a logged in user that has not 
> enough credentials (entry denied)?

Yes, you can, but this is a feature of the identity framework that isn't 
really documented well (i.e not at all ;-)).

You can set the configuration setting 'identity.failure_url' to a 
callable, which will get evaluated every time an IdentityFailure 
exception occurs. In this function you can then check

a) if the the user is anonymous (not logged in)
b) what the error message(s) of the IdentityFailure exception are

and then return different URLs depending on this info.

Example (untested):

def failure_url():
     if (identity.current.not_anonymous and
        'foo' in cherrypy.request.identity_errors):
        return url('/access_denied')
     return url('/login')

See the code for 'turbogears.identity.exceptions' (set_identity_errors, 
IdentityFailure) and turbogears.identity.conditions (Predicate, require) 
for particulars.


As a simpler, but less general alternative, you can test for the 
required permissions *within* your controller method and then just do 
the redirect yourself. If you are just redirecting to a "Access denied" 
page, you probably don't need to care about retaining request parameters 
across redirects.

Example (also untested):

class MyController(controllers.Controller, identity.SecureResource):
     @expose('bla')
     def bla(self):
         if not 'foo' in identity.current.permissions:
             if identity.current.not_anonymous:
                 redirect('/access_denied')
             raise identity.IdentityFailure

See also 
http://docs.turbogears.org/1.0/UsingIdentity#explicit-permission-checking


HTH, Chris

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to