[Twisted-web] Newov Login Forward

Andy Gayton andy at thecablelounge.com
Tue Feb 22 19:02:27 MST 2005

noema wrote:

> I kind of want to preseerve the tree structure so one can see the 
> current location in the url field -- e.g a user's home directory should 
> always be /user/username. Processing a different RootPage(rend.Page) 
> depending on which user has logged is almost like remounting root to the 
> user's home dir on linux. In my case I would just want to move deeper 
> into the dir tree to a certain home dir.

Your analogy is a good one and in imo highlights the strength of 
cred/guard's way of doing things.

In a tradional web app your functionality is available through urls to 
files that offer that functionality.  Since your file structure is fixed 
all functionality must always be exposed via urls and your files have to 
have a bunch of if statements to modify or turn off functionality as 

You also have to handle a lot more cases:

once a user logs in, when they go to / (the login page) do they still 
see the same login page, or a page saying you've logged in, or (i think 
this is the one your after?) should they be redirected to /user/username.

If they go to the url /user/boss but are logged in as /user/username how 
should this be handled?

Difficult to ensure you've got it right and haven't left a hole.

With cred - your application does everything through an avatar - and 
like a chroot you've got a certain guarantee of security since if the 
user is not allowed to do something, their avatar should simply be 
physically incapable of doing it - no if statements ..

If your ok with the above, but still wanted the /user/username for 
cosmetics, you could have the realm return a page which redirects itself 
and all children not /user/username to /user/username and sets up a 
child /user/username that does the meat ?

There's probably a better way of pulling that off though?

Otherwise your likely looking at dropping guard and always having the 
same site tree with if statements at the nodes controlling behaviour 
whether the user is logged in or not / type of user  ...


More information about the Twisted-web mailing list