On a second thought, this is overwill... you can do:
def a():
# some code
if form.accepts(request.vars, session):
session.step = 'b'
redirect(URL('b'))
return dict(form=form)
def b():
if not session.step=='b': redirect(URL('a'))
# some code
if form.accepts(request.vars, session):
session.step = 'c'
redirect(URL('c'))
return dict(form=form)
def c():
if not session.step=='c': redirect(URL('a'))
return "**** c *****"
On Aug 28, 8:51 am, Massimo Di Pierro <[email protected]>
wrote:
> How about using digitally signed URLS?
>
> from gluon.utils import web2py_uuid
>
> def a():
> # some code
> if form.accepts(request.vars, session):
> session.tmpkey = web2py_uuid()
> redirect(URL('b',hmac_key=session.tmpkey))
> return dict(form=form)
>
> def b():
> if not URL.verify(hmac_key=session.tmpkey): redirect(URL('a'))
> # some code
> if form.accepts(request.vars, session):
> session.tmpkey = web2py_uuid()
> redirect(URL('c',hmac_key=session.tmpkey))
> return dict(form=form)
>
> def c():
> if not URL.verify(hmac_key=session.tmpkey): redirect(URL('a'))
> return "**** c *****"
>
> Would be easier if users were logged in.
>
> On Aug 28, 4:20 am, Martin Weissenboeck <[email protected]> wrote:
>
>
>
>
>
>
>
> > Hi,
>
> > lets say I have 3 functions
>
> > def a():
> > # some code
> > if form.accepts(request.vars, session):
> > redirect(URL('b'))
> > return dict(form=form)
>
> > def b():
> > # some code
> > if form.accepts(request.vars, session):
> > redirect(URL('c'))
> > return dict(form=form)
>
> > def c():
> > return "**** c *****"
>
> > a, b and c have their own views. I do not want to allow any user to start at
> > function b or c. Everybody has to start at a.
> > I think, this problem could be solved using a decorator, but I could not
> > find how.
>
> > Regards, Martin
