On Thu, Apr 24, 2008 at 9:44 AM, Christopher Arndt <[EMAIL PROTECTED]> wrote:
>
> Cecil Westerhof schrieb:
>
> > I have been playing with TG for two days now and I must say that untill
> > now I like it. ;-}
> >
> > With the identity module you go to a login page when you do not have
> > enough credentials. Is it possible to make a difference between a user
> > that is not logged in (login page) and a logged in user that has not
> > enough credentials (entry denied)?
>
> Yes, you can, but this is a feature of the identity framework that isn't
> really documented well (i.e not at all ;-)).
>
> You can set the configuration setting 'identity.failure_url' to a
> callable, which will get evaluated every time an IdentityFailure
> exception occurs. In this function you can then check
>
> a) if the the user is anonymous (not logged in)
> b) what the error message(s) of the IdentityFailure exception are
>
> and then return different URLs depending on this info.
>
> Example (untested):
>
> def failure_url():
> if (identity.current.not_anonymous and
> 'foo' in cherrypy.request.identity_errors):
> return url('/access_denied')
> return url('/login')
>
> See the code for 'turbogears.identity.exceptions' (set_identity_errors,
> IdentityFailure) and turbogears.identity.conditions (Predicate, require)
> for particulars.
>
>
> As a simpler, but less general alternative, you can test for the
> required permissions *within* your controller method and then just do
> the redirect yourself. If you are just redirecting to a "Access denied"
> page, you probably don't need to care about retaining request parameters
> across redirects.
>
> Example (also untested):
>
> class MyController(controllers.Controller, identity.SecureResource):
> @expose('bla')
> def bla(self):
> if not 'foo' in identity.current.permissions:
> if identity.current.not_anonymous:
> redirect('/access_denied')
> raise identity.IdentityFailure
>
Hello Christopher,
Would be nice if what you wrote here was added to the .py file that
has the code.
http://lucasmanual.com/tgdocs/turbogears.identity.exceptions-pysrc.html#IdentityFailure.__init__
Just wondering, what is your / TG project preference when documenting
things like this. I'm sure you could copy what you wrote here in the
email and paste it to turbogears/identity/exceptions.py comment
section, and that would be painless.
Lucas
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/turbogears?hl=en
-~----------~----~----~----~------~----~------~--~---
