Hmmm... that is in the book...I will revert the changes. Massimo
On Mar 17, 12:10 pm, Martín Mulone <mulone.mar...@gmail.com> wrote: > I currently developing this application this why this problem came :P. So I > can make the proper changes. Also have to make the proper changes > tohttp://web2py.com/book/default/chapter/08#Combining-Requirements > > 2011/3/17 Massimo Di Pierro <massimo.dipie...@gmail.com> > > > > > > > > > > > for example > > > auth.requires(request.ajax) > > > you can do > > > @auth.requires(auth.user and (auth.has_membership(role='Admin') or \ > > auth.has_membership(role='Soporte') or \ > > auth.has_membership(role='Consulta_Soporte') or \ > > auth.has_membership(role='Consulta_Clientes'))) > > > Anyway, if this turns out to be a major backward compatibility issue > > for you, I will revert it today. > > > Massimo > > > On Mar 17, 11:53 am, Martín Mulone <mulone.mar...@gmail.com> wrote: > > > The problem was that I remove the others conditions (to make it more > > basic), > > > this is the code that brings the fail: > > > > @auth.requires(auth.has_membership(role='Admin') or \ > > > auth.has_membership(role='Soporte') or \ > > > auth.has_membership(role='Consulta_Soporte') or \ > > > auth.has_membership(role='Consulta_Clientes') ) > > > > or there are a better way?. I only can imagine that auth require to be > > > logged-in, what other kind of authorization we have without login? > > > > 2011/3/17 Massimo Di Pierro <massimo.dipie...@gmail.com> > > > > > I considered this a bug fix but I am open to discussion. > > > > > This > > > > > @auth.requires(auth.has_membership(role='Admin')) > > > > > should have been > > > > > @auth.requires_membership(role='Admin') > > > > > OR > > > > > @auth.requires(auth.user and auth.has_membership(role='Admin')) > > > > > Before > > > > > @auth.requires(...) > > > > > was assuming a logged-in user thus settings a restriction on the > > > > usage. auth.requires may be used for example restrict access based on > > > > some other condition than login. Or did we say auth.requires always > > > > requires login? > > > > > Massimo > > > > > On Mar 17, 10:25 am, Jonathan Lundell <jlund...@pobox.com> wrote: > > > > > On Mar 17, 2011, at 7:29 AM, Martín Mulone wrote: > > > > > > > @auth.requires(auth.has_membership(role='Admin')) > > > > > > def index(): > > > > > > return dict() > > > > > > > No longer redirect to login page, instead show not authorized > > message. > > > > This only happen in trunk. > > > > > > The two lines marked below were removed when Massimo put in the > > 403-error > > > > handling for RESTful requests, but the commit message doesn't mention > > them. > > > > Was that an accident? > > > > > > def requires(self, condition): > > > > > """ > > > > > decorator that prevents access to action if not logged in > > > > > """ > > > > > > def decorator(action): > > > > > > def f(*a, **b): > > > > > if self.settings.allow_basic_login_only and not > > > > self.basic(): <<<<<<<<<<< > > > > > return > > > > call_or_redirect(self.settings.on_failed_authorization) > > <<<<<<<<<<< > > > > > > if not condition: > > > > > if not self.basic() and not self.is_logged_in(): > > > > > request = self.environment.request > > > > > next = URL(r=request,args=request.args, > > > > > vars=request.get_vars) > > > > > self.environment.session.flash = > > > > self.environment.response.flash > > > > > return > > > > call_or_redirect(self.settings.on_failed_authentication, > > > self.settings.login_url + > > > > \ > > > > > '?_next='+urllib.quote(next)) > > > > > else: > > > > > self.environment.session.flash = \ > > > > > self.messages.access_denied > > > > > return > > > > call_or_redirect(self.settings.on_failed_authorization) > > > > > return action(*a, **b) > > > > > f.__doc__ = action.__doc__ > > > > > f.__name__ = action.__name__ > > > > > f.__dict__.update(action.__dict__) > > > > > return f > > > > > > return decorator > > > > -- > > > Pablo Martín Mulone (mar...@tecnodoc.com.ar)http://www.tecnodoc.com.ar/ > > > > My blog:http://martin.tecnodoc.com.ar > > > Expert4Solution Profile: > >http://www.experts4solutions.com/e4s/default/expert/6 > > -- > Pablo Martín Mulone (mar...@tecnodoc.com.ar)http://www.tecnodoc.com.ar/ > > My blog:http://martin.tecnodoc.com.ar > Expert4Solution Profile:http://www.experts4solutions.com/e4s/default/expert/6
