[Twisted-web] Newov Login Forward
Andy Gayton
andy at thecablelounge.com
Tue Feb 22 19:02:27 MST 2005
noema wrote:
> I kind of want to preseerve the tree structure so one can see the
> current location in the url field -- e.g a user's home directory should
> always be /user/username. Processing a different RootPage(rend.Page)
> depending on which user has logged is almost like remounting root to the
> user's home dir on linux. In my case I would just want to move deeper
> into the dir tree to a certain home dir.
Your analogy is a good one and in imo highlights the strength of
cred/guard's way of doing things.
In a tradional web app your functionality is available through urls to
files that offer that functionality. Since your file structure is fixed
all functionality must always be exposed via urls and your files have to
have a bunch of if statements to modify or turn off functionality as
required.
You also have to handle a lot more cases:
once a user logs in, when they go to / (the login page) do they still
see the same login page, or a page saying you've logged in, or (i think
this is the one your after?) should they be redirected to /user/username.
If they go to the url /user/boss but are logged in as /user/username how
should this be handled?
Difficult to ensure you've got it right and haven't left a hole.
With cred - your application does everything through an avatar - and
like a chroot you've got a certain guarantee of security since if the
user is not allowed to do something, their avatar should simply be
physically incapable of doing it - no if statements ..
If your ok with the above, but still wanted the /user/username for
cosmetics, you could have the realm return a page which redirects itself
and all children not /user/username to /user/username and sets up a
child /user/username that does the meat ?
There's probably a better way of pulling that off though?
Otherwise your likely looking at dropping guard and always having the
same site tree with if statements at the nodes controlling behaviour
whether the user is logged in or not / type of user ...
Andy.
More information about the Twisted-web
mailing list