On Mar 17, 2011, at 7:29 AM, Martín Mulone wrote:
> @auth.requires(auth.has_membership(role='Admin'))
> def index():
> return dict()
>
> No longer redirect to login page, instead show not authorized message. This
> only happen in trunk.
>
The two lines marked below were removed when Massimo put in the 403-error
handling for RESTful requests, but the commit message doesn't mention them. Was
that an accident?
def requires(self, condition):
"""
decorator that prevents access to action if not logged in
"""
def decorator(action):
def f(*a, **b):
if self.settings.allow_basic_login_only and not self.basic():
<<<<<<<<<<<
return
call_or_redirect(self.settings.on_failed_authorization) <<<<<<<<<<<
if not condition:
if not self.basic() and not self.is_logged_in():
request = self.environment.request
next = URL(r=request,args=request.args,
vars=request.get_vars)
self.environment.session.flash =
self.environment.response.flash
return
call_or_redirect(self.settings.on_failed_authentication,
self.settings.login_url + \
'?_next='+urllib.quote(next))
else:
self.environment.session.flash = \
self.messages.access_denied
return
call_or_redirect(self.settings.on_failed_authorization)
return action(*a, **b)
f.__doc__ = action.__doc__
f.__name__ = action.__name__
f.__dict__.update(action.__dict__)
return f
return decorator
