You can try something like this....
Create a module auth.py
---- begin module auth.py -----
def requires_login():
def lazy(f):
def lazylazy(f=f):
from gluon import current, redirect, URL
if not current.session.auth or not 'user' in
current.session.auth:
redirect(URL('not_authorized'))
return f()
return lazylazy
return lazy
----- end -----
In your module:
import auth
@auth.requires_login()
def any_function(): return dict(....)
I did not try it. May need some tweaks. Will not work if any_function
takes arguments. That would require some major tweaks.
On Dec 29, 11:22 pm, Bruno Rocha <[email protected]> wrote:
> Access control decorators are designed to work in controller actions only,
> because actions define workflow of the application, even if you have code
> in modules, the action is what your user will call.
>
> But, you can always use other methods to check permissions etc..
>
> in modulesyou can do [ auth.has_permission(), auth.has_membership(), if
> auth.user.id: ]
>
> but have in mind that if your Auth instance is created in models, you will
> have to always pass it to the module or use the current object.
>
> I am not using models anymore, so all my objects (db, crud, auth, service)
> are created in modules and I have access to them.
>
> On Fri, Dec 30, 2011 at 12:52 AM, lyn2py <[email protected]> wrote:
> > In controllers, it would look like:
>
> > @auth.requires_login()
> > def function():
> > pass
>
> > How do I implement requires_login (and other auth decorators)
> > correctly in module methods that require access control?
>
> > Thanks!
>
> --
>
> Bruno Rocha
> [http://rochacbruno.com.br]
