I have spent the bulk of last evening and this morning trying to test
web2py services and authorization. In addition to setting
auth.settings.allow_basic_login = True I have deleted the "call
function" in the default controller, created a seperate controller
"mmservices",and and populated with the following code:
@auth.requires_login()
def call():
"""
exposes services. for example:
http://..../[app]/default/call/jsonrpc
decorate with @services.jsonrpc the functions to expose
supports xml, json, xmlrpc, jsonrpc, amfrpc, rss, csv
"""
session.forget()
return service()
@service.xmlrpc
def getmeetings():
if auth.is_logged_in():
return 'you are logged in!'
else:
return 'NO DICE'
@service.xmlrpc
def test(insink):
if auth.is_logged_in():
return 'test: you are logged in!'
else:
return 'test: NO DICE'
My questions are:
1) what is the purpose of the "call" function? I see that it is part
of the proxy when invoking, but am not sure where it gets invoked or
what it does. Does there need to be a separate call for each web-
service function (as I saw in a forum post)?
2) when i enter http://www.meetingmonkey.net/init/mmservices/getmeetings
without logging in I get "no dice". I suspect this is due to the fact
that I am accessing the function because it is in a controller. This
is not the desired behavior as I want to ensure the user has logged in
before getting access to the function. Is there a complete example of
the best practice for implementing web-services including where to put
various parts of code?
3) when I enter
http://www.meetingmonkey.net/init/mmservices/call/xmlrpc/getmeetings
without logging 8in I am redirected to the login page. I would rather
just return an unauthorized error, but do not know how to do?
