I'm having trouble checking for authorization in nested CRUDRest controllers with @require decorator and my custom predicate checkers.
Basically, I have a ProjectController and inside it a PhaseController. So URLs look like myappadress/projects/project_id/phases. A user may have permission to deal with phases of a certain project only. So I have my own predicate checker that deals with that and I'm almost positive it does the job. The predicate checker takes project_id as an argument to check for the above. I tried getting the project_id in two different ways: 1- http://what.repoze.org/docs/1.0/Manual/Predicates/Writing.html Based on the example given in "Creating a predicate checker more sensitive to the request" 2- Overriding the _before method or creating a property as an attribute in PhaseController In both cases the important line looks like self.project_id = unicode(request.url.split("/")[-3]) I'm using @require to check for authorization for PhaseController.get_all(). And that's when trouble begin. It seems that @require is called (and by consequence, predicate is evaluated) by the time I acces myappaddress/projects, presumably when the PhaseController is defined in the ProjectContoller. The problem is, by that time, none of the above mentioned methods to get the project_id seem to work. More specifically, for each method: 1 - The project_id value that I get is None. 2- a) The _before method doesn't seem to run so I still get None. b) If I use a property, I just get a property object. Without authorization, the three methods work on getting me the project_id, they just can't get it soon enough I think. So the real question here is: Is there anyway to delay the evaluation of the predicate so I can get the project_id by any means? I'm really stuck here so any help is very much appreciated. Greetings. -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/turbogears?hl=en.
