Thanks for the workaround, I might take that. But I will still argue
that:
1. Does authentication have to mean logged-in, or can it be something
else, such as "accessing from localhost", "accessing via ajax", etc.?
2. if @auth already means authentication, why there is still an
auth.requires_login() which implemented as
auth.requires(auth.is_logged_in())? Shouldn't this implementation
imply that auth.requires() does not check is_logged_in()? All in all,
what is auth.requires()'s semantics?
Regards,
Ray
On Oct 17, 1:41 pm, Bruno Rocha <rochacbr...@gmail.com> wrote:
> I think it should be, because @auth means authentication, so needs
> authenticated user.
>
> In your case I should do differently.
>
> def secret():
> if not request.client == '127.0.0.1' or not auth.user:
> redirect(URL('default', 'user', args='login'))
> return {"": "some cool stuff"}
