I haven't looked into this in detail, but note that self.here() does in 
fact use the URL() function to generate the "next" variable.

Anthony

On Monday, January 20, 2014 12:25:59 PM UTC-5, Joe Barnhart wrote:
>
> I think I have found the underlying problem in tools.py, but I'm not sure 
> it is even fixable.
>
> The issue is that routes.py only works if you use the URL() function, but 
> the decorator @auth.requires_login doesn't use the URL function when it 
> presets the "next" field.  So everything works consistently except the 
> "next" after logon, which always fails because (in my case) it contains the 
> application name.  Here is the relevant part of the decorator:
>
>     def requires(self, condition, requires_login=True, otherwise=None):
>         """
>         decorator that prevents access to action if not logged in
>         """
>
>         def decorator(action):
>
>             def f(*a, **b):
>
>                 basic_allowed, basic_accepted, user = self.basic()
>                 user = user or self.user
>                 if requires_login:
>                     if not user:
>                         . . .
>                         else:
>                             next = self.here()
>                             current.session.flash = current.response.flash
>                             return call_or_redirect(
>                                 self.settings.on_failed_authentication,
>                                 self.settings.login_url +
>                                     '?_next=' + urllib.quote(next))
>
>                 if callable(condition):
>                     flag = condition()
>                 else:
>                     flag = condition
>                 if not flag:
>                     current.session.flash = self.messages.access_denied
>                     return call_or_redirect(
>                         self.settings.on_failed_authorization)
>                 return action(*a, **b)
>             f.__doc__ = action.__doc__
>             f.__name__ = action.__name__
>             f.__dict__.update(action.__dict__)
>             return f
>
>         return decorator
>
>
> I'm not sure this is even "fixable" since it would require 
> reverse-engineering a string back into the format desired for URL().  In 
> the short term, I fixed it by overriding the "next=" variable on the 
> creation of the login dialog box.  This is from my default controller, and 
> it works as expected:
>
> def user():
>     cmd=request.url.split('/')[-1]
>     if cmd=='register':
>         . . .
>         
>     elif cmd=='login':
>         return dict(form=auth.login(next=URL('register','index')))
>     return dict(form=auth())
>
>
>  
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to