
Ticket #2112 (closed enhancement: fixed)

Opened 11 years ago

Last modified 10 years ago

Document overriding @require error handling

Reported by: vinces1979 Owned by: Gustavo
Priority: normal Milestone: 2.0b5
Component: Documentation Version: trunk
Severity: normal Keywords: sprint documentation
Cc:

Description

The default @require redirects can cause issues in non-HTML applications (e.g. Flex applications).

Example usage (this will raise a Flex ErrorMessage):

class AuthFailed(remoting.RemotingError):
    pass

add_error_class(AuthFailed, "Auth.Failed")

def flexError(reason):
    msg = remoting.ErrorFault()
    msg.description = reason
    msg.code = "Auth.Failed"
    msg.level = "error"
    return msg.raiseException()

class FlexController:
    @require(authorize.not_anonymous("NOT AUTHED"), flexError)
    def echo(self, data):
        user = ""
        if request.identity:
            user = request.identity['user'].display_name
            log.debug("USER: %s" % user)
        
        return "Turbogears gateway says: %s %s" % (data, user)

Attachments

decorators.py.diff Download (636 bytes) - added by vinces1979 11 years ago.
controllers.py.diff Download (888 bytes) - added by vinces1979 11 years ago.

Change History

Changed 11 years ago by vinces1979

comment:1 Changed 11 years ago by mramm

  • Milestone changed from 2.0b1 to 2.0b2

comment:2 in reply to: ↑ description Changed 11 years ago by vinces1979

Replying to vinces1979:

A better usage example:

def require(predicate):
    """ wrap TG's default require and override the error handler with a customError """
    @decorator
    @tg_require(predicate, error_handler=customError) #: override tg's default redirect
    def check_auth(func, *args, **kwargs):
        return func(*args, **kwargs)
    return check_auth

comment:3 Changed 11 years ago by Gustavo

  • Status changed from new to assigned
  • Owner changed from faide to Gustavo

Good point, although we'll also need an analogous alternative to controller-wide authorization using the allow_only attribute. What about running a method called, say, "_failed_authorization", if defined and the predicate in allow_only is not met?

comment:4 Changed 11 years ago by vinces1979

Good point, I forgot about the allow_only. I am using this in a pyamf application, so my Controller handles the allow_only already.

I created a patch for adding _failed_authorization to the _check_security.

Example usage:

from pylons.controllers.util import abort

class Secc(BaseController):
    """Sample controller-wide authorization"""

    # The predicate that must be met for all the actions in this controller:
    allow_only = has_permission('manage',
                                msg=_('Only for people with the "manage" permission'))
    
    def _failed_authorization(self, *args, **kws):
        log.debug("Custom Error Called %s %s" % (args, kws))
        # abort() looks the status up by integer code, so pass 500, not "500"
        abort(500, "Not Found")


Changed 11 years ago by vinces1979

comment:5 Changed 11 years ago by mramm

  • Keywords sprint documentation added
  • Summary changed from [Patch] Allow overriding @require error handling to Document overriding @require error handling

comment:6 Changed 11 years ago by mramm

  • Milestone changed from 2.0b2 to 2.0b3

comment:7 Changed 10 years ago by jorge.vargas

  • Component changed from TurboGears to Documentation

comment:8 Changed 10 years ago by mramm

  • Status changed from assigned to closed
  • Resolution set to fixed

Patches applied in #6219
