[Twisted-web] Nevow guard with other than 'root' resource

Alex Levy twisted-web@twistedmatrix.com
Sun, 07 Mar 2004 15:49:40 -0500 

--=-3mt7jZiHG4hPXBhDz7Zy
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2004-03-07 at 15:04, Christopher Armstrong wrote:
> James Y Knight wrote:
> > Janne mentioned on IRC that the actual goal is to be able to ask for=20
> > username/password login for some children but not others. Thus, I=20
> > suspect a solution where the SessionWrapper is on the root, but is=20
> > configured somehow to not require login except for certain resources=20
> > would work.
> >=20
> > I dunno how to do that but it looks probably possible from the API?
>=20
> It was certainly possible with woven.guard; you could pass in two=20
> separate resources, one for anon and one for loggedin. Of course those=20
> resources could also look at the session to see if the user is logged=20
> in, then redirect to the login screen if necessary. No idea how=20
> nevow.guard works.

Here's what I've been doing:

--snip--

from twisted.cred import checkers
from nevow import compy
from nevow import inevow
from nevow import rend

class ICurrentUser(compy.Interface):
    pass
class User:
    pass
ANONYMOUS =3D User()

class SimpleRealm:
    def requestAvatar(self, avatar_id, mind, *interfaces):
        if inevow.IResource in interfaces:
            if avatar_id is checkers.ANONYMOUS:
                user =3D ANONYMOUS
            else:
                user =3D createSomeUser(avatar_id)
            resc =3D createRootResource()
            resc.realm =3D self
            # The resource will remember this into its context, or
            # keep it around until it has one.
            resc.remember(user, ICurrentUser)
            return (inevow.IResource, resc, lambda:None)

class MyResource(rend.Page):
    def getCurrentUser(self, ctx=3DNone):
        if ctx is None:
            ctx =3D self.context
        if ctx is None:
            print "Hey, why can't I find a context?"
            return ANONYMOUS
        return ctx.locate(ICurrentUser)

    def isLoggedIn(self, ctx=3DNone):
        return self.getCurrentUser(ctx) is not ANONYMOUS

--snip--

...then you can make render_* functions that display or hide parts of
the web page based on the user. You can also make a LoggedInOnlyResource
class that redirects to guard.LOGIN_AVATAR whenever it sees that the
user isn't logged in.

I'd be interested, though, in hearing what other ways people might have
for accomplishing stuff like this.

--=20
Alex Levy
WWW: http://mesozoic.geecs.org

"Never let your sense of morals prevent you from doing what is right."
-- Salvor Hardin, Isaac Asimov's _Foundation_


--=-3mt7jZiHG4hPXBhDz7Zy
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQBAS4rjVM70CYlRlK4RAmWxAJ9Oq/AA6V5hxadAGtzYUq7VvKEY+ACgxdlk
A1JB1PLBgGl7VaQ1YfW4XK8=
=mPUh
-----END PGP SIGNATURE-----

--=-3mt7jZiHG4hPXBhDz7Zy--