You are right. That would be best. Want to send me a patch?
On Sep 23, 2:26 am, Niphlod <niph...@gmail.com> wrote:
> I'll try in other words..... I/we (users building rest api) don't want
> the user to be redirected to any page (my own or the default really
> doesn't matter)...all the decorators seems to redirect
> somewhere....instead they "should" call a function (maybe by default a
> redirect, in order to don't break backword compatibility) that, for
> example, I/we can modify raising a 404.
>
> On 22 Set, 21:38, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > You want to disable the login page.
>
> > You can try
> > auth.settings.actions_disabled.append('login')
> > auth.settings.actions.login_url=URL('your_own_error_page')
>
> > On Sep 22, 2:27 pm, Niphlod <niph...@gmail.com> wrote:
>
> > > I'm really sorry....
>
> > > I'm looking for an answer to this question:
> > > 2) I saw what auth.settings.allow_basic_login = True does (and
> > > auth.basic()) and it "allows" the basic authentication in addition to
> > > the default auth (also with disabled actions). Maybe the default auth
> > > can be shut down totally?
>
> > > That is quite clear, I guess... I can't find a way to shut down
> > > default auth and leave only basic auth as the default method for login
>
> > > let's explain in other words the other "feature request" instead...
>
> > > I don't know in deep all the auth module, but (at least for me) is the
> > > one that is less "usable" when you create web services.
> > > what I'm asking is the best way (i.e. the less error prone way) to
> > > have the auth decorators to return/raise an http status instead of
> > > raising a redirect to login page or the "user" controller.
> > > Right now it seems that you can configure quite all, but all you can
> > > configure is where the user will be redirected when the authorization
> > > fails....
>
> > > If you want to create an interface to a web api, maybe a REST one, you
> > > rarely need to redirect someone to the login page if he is not a valid
> > > user, nor you need to redirect him if he is a valid user without the
> > > permissions to access a particular controller/resource...you just tell
> > > him it's not authorized (the "recommended" behaviour would be to raise
> > > a 404).
>
> > > Going by hand to patch the auth module substituting all redirects to
> > > something else or creating a new one from scratch seems a little bit a
> > > long catch...maybe who planned and coded the auth module will figure
> > > out a "smart" way to enable this behaviour...and I think that web2py
> > > will be a good contender to django-piston or other frameworks of
> > > choice when you are going to create a web [RESTful] API.- Nascondi testo
> > > citato
>
> > - Mostra testo citato -
>
>
