How about using digitally signed URLs?

from gluon.utils import web2py_uuid

def a():
    # some code
    if form.accepts(request.vars, session):
        session.tmpkey = web2py_uuid()
        redirect(URL('b',hmac_key=session.tmpkey))
    return dict(form=form)

def b():
    if not URL.verify(request, hmac_key=session.tmpkey): redirect(URL('a'))
    # some code
    if form.accepts(request.vars, session):
        session.tmpkey = web2py_uuid()
        redirect(URL('c',hmac_key=session.tmpkey))
    return dict(form=form)

def c():
    if not URL.verify(request, hmac_key=session.tmpkey): redirect(URL('a'))
    return "**** c *****"


Would be easier if users were logged in.

On Aug 28, 4:20 am, Martin Weissenboeck <[email protected]> wrote:
> Hi,
>
> let's say I have 3 functions
>
> def a():
>     # some code
>     if form.accepts(request.vars, session):
>         redirect(URL('b'))
>     return dict(form=form)
>
> def b():
>     # some code
>     if form.accepts(request.vars, session):
>         redirect(URL('c'))
>     return dict(form=form)
>
> def c():
>     return "**** c *****"
>
> a, b and c have their own views. I do not want to allow any user to start at
> function b or c. Everybody has to start at a.
> I think this problem could be solved using a decorator, but I could not
> find how.
>
> Regards, Martin
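
Added example, not part of the thread and not web2py's own implementation: a standard-library sketch of the signed-URL gate discussed above, showing which requests a per-session HMAC key lets through. The paths, the `_mac`/`sign_url`/`verify_url`/`step_a`/`enter` helpers and the dict-based sessions are hypothetical stand-ins for `URL(..., hmac_key=...)`, `URL.verify` and web2py's `session`.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

REDIRECT_A = "redirect:/app/default/a"  # constructed path, mirrors redirect(URL('a'))

def _mac(key, path, items):
    msg = path + "?" + urlencode(sorted(items))
    return hmac.new(key.encode(), msg.encode(), hashlib.sha256).hexdigest()

def sign_url(path, key, **params):
    items = list(params.items())
    return path + "?" + urlencode(items + [("_signature", _mac(key, path, items))])

def verify_url(url, key):
    if not key:  # no key in the session: the visitor never completed a step
        return False
    parts = urlsplit(url)
    items = parse_qsl(parts.query, keep_blank_values=True)
    sigs = [v for k, v in items if k == "_signature"]
    rest = [(k, v) for k, v in items if k != "_signature"]
    # Exactly one signature, compared in constant time.
    return len(sigs) == 1 and hmac.compare_digest(sigs[0], _mac(key, parts.path, rest))

def step_a(session):
    """a() accepted its form: rotate the session key, return the signed URL for b."""
    session["tmpkey"] = secrets.token_hex(16)
    return sign_url("/app/default/b", session["tmpkey"])

def enter(url, session):
    """Gate at the top of b() and c()."""
    return "ok" if verify_url(url, session.get("tmpkey")) else REDIRECT_A

def demo():
    alice, other = {}, {}  # constructed sessions for two visitors
    url_b = step_a(alice)
    step_a(other)  # second visitor holds a different session key
    results = {
        "direct": enter("/app/default/b", alice),
        "signed": enter(url_b, alice),
        "other_session": enter(url_b, other),
        "retargeted": enter(url_b.replace("/b?", "/c?"), alice),
    }
    step_a(alice)  # key rotated: the earlier link is now stale
    results["stale"] = enter(url_b, alice)
    return results
```

Only the link issued to the same session, for the same path, under the current key is accepted; every other case falls back to a.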
