I basically agree you. I use auth decorators with my functions. This is just an extra security mechanism, set once in one single place. Then you forget about it. It only has sense in some kind of applications.
It could be used instead of auth decorators only in extremelly simple apps where you have access to all or nothing. Regards. El jueves, 12 de febrero de 2015, 12:34:08 (UTC+1), Leonel Câmara escribió: > > I think the first one (with more exceptions for register, lost password, > etc) is an acceptable solution. > > However, when you start making more exceptions then it just starts being > messy, unreadable, and I would just start decorating my controller > functions (all of them if necessary). That's why it's a decorator so you > only put it where it's needed. I don't want to parse a bunch of complicated > if conditions in a model file to know if a function in a controller > (another file) requires login, it's high cognitive load I don't want in my > code. > > > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
