[Twisted-web] State and web2 (or, how to not follow REST)

Clark C. Evans cce at clarkevans.com
Mon Nov 21 12:41:47 MST 2005

On IRC today, foom pointed out that my idea for distinguishing between
things that modify a request (a IRequestHandler) such as setting up a
session or authenticating a user, must also be able to happen between
IResources.  The example given was /~user/bing/my-app/foo, where
authentication (and possibly setting up a session) happens:

So, goal is to distinguish between Resources which should not be
modifying the request's context and RequestFilters which by definition
change the request. The glue can be done by having a ContextResource
that explicitly applies one or more RequestFilters on the current
request.  We can then designate a syntax for asserting that the
application of a particular IRequestFilter has been done on the request.
Anyway, just consider this a random attempt to detail the idea....

  class IRequestFilter(Interface):
          I am a filter that is applied to a given request, examples of
          a RequestFilter are, a "SessionManager", "Authenticator", etc.

      def apply(self, request):
          """ Perform necessary logic on the request, modifying the
              request's context as necessary and/or raising HTTPError
              as needed.   Ideally only an IRequestFilter modifies a
              request's context.

  class IResource:
      # same as before, adding:

      require = Attribute(
                   "A sequence of IRequestFilters which must have
                    been applied to a Request before this resource
                    is accessed")

  class IRequest(Interface):
      # same as before, adding:
      filtered = Attribute(
                  "A sequence of IRequestFilters that have been applied.")

      # since there are two objects that are so commonly used, I feel
      # that they merit their own "slot" on the Request object:

      session = Attribute("An optional ISession object added by the 

      avatar = Attribute("An optional IAvatar object added by the
                 IAuthenticateRequestFilter, or other providers of
                 an IAvatar")

  class ContextResource(Resource):  # or SiteResource, or AppResource
          I am a application or site resource which modifies the
          incoming request via a set of RequestFilters.  Only 
          ContextResources should be doing this sort of thing.
      filter = None

      def registerFilter(self, requestFilter):
          if not self.filter:
               self.filter = [requestFilter]
      def locateChild(self, request, segments):
          for filter in self.filter:
          Resource.locateChild(self, request, segments)

myapp = ContextResource()

More information about the Twisted-web mailing list