Even I have come across such requirements. Similar to Reza's requirement - we want to allow read operations to anyone, but insert/update/delete only for logged in user. Moreover, we also want to check auth.has_membership too.
DB operations could be invoked from several different places, different controller methods, as well as scripts. So as not to repeat same/similar code across various controllers/scripts - common method(s) in modules make sense. While adding @auth. decorators to each calling function is an option (I would rather say workaround) - a check at the lowest level where DB operation is about to take place, seems like right thing to do. So again - is it possible ? I'm thinking to pass "auth" (and db) object to methods in modules, and then call auth.has_membership() and such in each module level method. using decorator seems easier/cleaner/nicer that's all. -Mandar On Monday, April 15, 2013 9:51:19 AM UTC+5:30, Reza Shah wrote: > > I want to have something like user controller in default.py. > def user(): > """ > exposes: > http://..../[app]/default/user/login > http://..../[app]/default/user/logout > http://..../[app]/default/user/register > http://..../[app]/default/user/profile > """ > return dict(form=auth()) > > So i would like to have: > def item(): > """ > http://..../[app]/default/item/list > http://..../[app]/default/item/add_product > """ > return dict(form=product()) > > And when user invoke url for add_product, the request should be rejected > if not login yet, i though i just decorate the add_product function in > module with @auth. > I think i should try your suggestion to check for the auth beforehand and > invoke the proper method of Product class. > > On Monday, April 15, 2013 1:03:49 AM UTC+9, Anthony wrote: >> >> Can you show the code where you are calling the add_product() method? >> Using the @auth.requires_login() decorator is not the only way to control >> access. You can also do "if auth.user:" to test for login before allowing a >> method to be called. >> >> Anthony >> >> On Sunday, April 14, 2013 7:06:15 AM UTC-4, Reza Shah wrote: >>> >>> Hi, >>> >>> I'm learning web2py and i want to put my business logic inside a class >>> in module. >>> I like to have a behaviour similar to user controller inside default.py >>> which exposes several functions. >>> >>> I have a controller item which i put inside default.py >>> def item(): >>> return dict(form=product()) >>> >>> in module i create product class >>> >>> class Product(object): >>> def __init__: >>> >>> def list(self): >>> >>> @auth.requires_login() >>> def add_product(self): >>> >>> The Product.list function can be accessed by anyone, but for adding new >>> product need user login first. >>> Is this possible? >>> Does the auth can used directly or i need to import something first? >>> >>> Thank, >>> Reza >>> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
