Thanks for your help again, Diez. Splitting the actions into three
sets of controllers is what I ended up doing. I just put shared
controller methods into a single SharedController class. I now have:

    class ManagerController(BaseController):
        allow_only = authorize.in_group('manage')

    class AdminController(BaseController):
        allow_only = authorize.in_group('admin')

    class SharedController(BaseController):
        @require(Any(in_group('manage'), in_group('admin')))
        def sharedmethod1(self, id=-1, **kw):
            ...
        # --- more methods and @requires

I am a bit lucky in that out of about 70 controller methods, I think I
will only need to share around 5. These are shared between 2 or 3
groups so putting them into a single shared controller makes sense.
But what about someone who has a more complex sharing arrangement? I
can see three possibilities:
1) Assuming that controller methods are most logically arranged into
sub-controllers according to the group that uses them, you would have
a bunch of Group1Controller, Group1Group2Controller,
Group1Group2Group3Controller. allow_only could be used, but now you
have lots of controllers.
2) A single shared controller with method-level authorization could
get to be very long, plus getting all of the @requires as you want
them seems more error-prone than a single allow_only.
3) I guess you could pull out as much of the shared method logic as
possible and just bunch it into an imported module, but you still would
be duplicating a good bit of code.
I'm curious to know how other people set up sub-controllers and
authorization.
- Shane
On Nov 29, 5:55 am, "Diez B. Roggisch" wrote:
> On Sunday, November 28, 2010 22:16:45 Shane wrote:
> > Hello,
>
> > I have a controller with default authorization criteria given by:
>
> > class AdminController(BaseController):
> >     allow_only = authorize.in_group('admin')
>
> > But I want to share a few methods within AdminController with groups
> > other than 'admin'. Is there a way I can override the default
> > authorization criterion of methods within AdminController w/o adding
> > a @require() to every single method within AdminController? I was
> > hoping that adding a @require() decorator while keeping the
> > allow_only would be a solution, but it is not:
>
> >     # Both 'admin' and 'store_manager' groups need this method. Don't
> >     # want to repeat myself in the ManagerController, so share the method...
> >     @require(Any(in_group('store_manager'), in_group('admin'),
> >                  msg='Only administrators or managers can edit Customers'))
> >     def editCustomer(self, id=-1, **kw):
> >         # Does not work. Still requires user to be in 'admin' group.
>
> > Not a big deal to put in a @require in front of every method, but
> > wanted to see if there was an easier way.
>
> No. But is there any reason not to split up the two sets of actions into two
> separate controllers?
>
> Diez
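
An added example, not part of the thread and not TurboGears code: a small model of the behaviour discussed above, where a controller-level allow_only still applies to a method that carries its own @require, plus an audit for the "forgotten @require" risk raised under option 2. The in_group, Any and require below are simplified stand-ins, and is_allowed and unprotected_methods are hypothetical helper names.

```python
# Stand-ins for repoze.what-style predicates (hypothetical, simplified):
# a predicate is a callable that takes the set of the user's groups.
def in_group(name):
    return lambda groups: name in groups

def Any(*predicates):
    return lambda groups: any(p(groups) for p in predicates)

def require(predicate):
    """Attach a method-level predicate, like @require in the thread."""
    def decorate(func):
        func.predicate = predicate
        return func
    return decorate

def is_allowed(controller, method_name, groups):
    """Controller-level allow_only AND method-level @require must both pass."""
    checks = [getattr(controller, "allow_only", None),
              getattr(getattr(controller, method_name), "predicate", None)]
    return all(check(groups) for check in checks if check is not None)

def unprotected_methods(controller):
    """List public methods reachable with no predicate at either level."""
    if getattr(controller, "allow_only", None) is not None:
        return []
    return sorted(name for name, attr in vars(controller).items()
                  if callable(attr) and not name.startswith("_")
                  and getattr(attr, "predicate", None) is None)

# Constructed sample controllers mirroring the layout in the message.
class AdminController:
    allow_only = in_group("admin")

    @require(Any(in_group("manage"), in_group("admin")))
    def editCustomer(self, id=-1, **kw):
        return "edited"

class SharedController:
    @require(Any(in_group("manage"), in_group("admin")))
    def sharedmethod1(self, id=-1, **kw):
        return "shared"

    def sharedmethod2(self, id=-1, **kw):  # @require forgotten
        return "shared"

if __name__ == "__main__":
    print(is_allowed(AdminController, "editCustomer", {"manage"}))    # False
    print(is_allowed(SharedController, "sharedmethod1", {"manage"}))  # True
    print(unprotected_methods(SharedController))  # ['sharedmethod2']
```

Running an audit like unprotected_methods over every controller without allow_only, as part of the test suite, catches a method-level predicate that was left off before it ships.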