Looks fine.
On Sep 21, 4:34 pm, ron_m <[email protected]> wrote: > I am writing an application where login is required for almost the > entire site (Intranet application inside a company). There is an > equipment access dictionary structure I called user_access I build > from the database at login and cache in the session. I added code to > the default controller user function to set the dictionary to None on > logout as follows: > > In default.py > > def user(): > if request.args(0)=='logout': > session.user_access = None > return dict(form=auth()) > > I need the user_access dictionary as the basis for a menu structure > that allows access to equipment through menu items and doesn't offer > items the user is not supposed to use. > > I put this code into menu.py just after the index page definition and > the login/logoff and user_access dictionary states seem to track well > for what I need. > > response.menu = [ > (T('Index'), False, URL('default','index'), []) > ] > > if auth.user: > if not session.user_access: > session.user_access = get_user_access() > > response.menu += generate_user_dependent_menu() > > .... rest of menu code. > > Is this the right way to accomplish this? What if there are AJAX or > RPC service requests, I think model code still gets run fully and > these requests are required to be authenticated as well. I could also > move this to the last model file and then just put if auth.user: in > front of the per user defined portion of the menu. > > Thanks > Ron
