[Twisted-web] Nevow guard with other than 'root' resource
Alex Levy
twisted-web@twistedmatrix.com
Sun, 07 Mar 2004 15:49:40 -0500
--=-3mt7jZiHG4hPXBhDz7Zy
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Sun, 2004-03-07 at 15:04, Christopher Armstrong wrote:
> James Y Knight wrote:
> > Janne mentioned on IRC that the actual goal is to be able to ask for=20
> > username/password login for some children but not others. Thus, I=20
> > suspect a solution where the SessionWrapper is on the root, but is=20
> > configured somehow to not require login except for certain resources=20
> > would work.
> >=20
> > I dunno how to do that but it looks probably possible from the API?
>=20
> It was certainly possible with woven.guard; you could pass in two=20
> separate resources, one for anon and one for loggedin. Of course those=20
> resources could also look at the session to see if the user is logged=20
> in, then redirect to the login screen if necessary. No idea how=20
> nevow.guard works.
Here's what I've been doing:
--snip--
from twisted.cred import checkers
from nevow import compy
from nevow import inevow
from nevow import rend
class ICurrentUser(compy.Interface):
pass
class User:
pass
ANONYMOUS =3D User()
class SimpleRealm:
def requestAvatar(self, avatar_id, mind, *interfaces):
if inevow.IResource in interfaces:
if avatar_id is checkers.ANONYMOUS:
user =3D ANONYMOUS
else:
user =3D createSomeUser(avatar_id)
resc =3D createRootResource()
resc.realm =3D self
# The resource will remember this into its context, or
# keep it around until it has one.
resc.remember(user, ICurrentUser)
return (inevow.IResource, resc, lambda:None)
class MyResource(rend.Page):
def getCurrentUser(self, ctx=3DNone):
if ctx is None:
ctx =3D self.context
if ctx is None:
print "Hey, why can't I find a context?"
return ANONYMOUS
return ctx.locate(ICurrentUser)
def isLoggedIn(self, ctx=3DNone):
return self.getCurrentUser(ctx) is not ANONYMOUS
--snip--
...then you can make render_* functions that display or hide parts of
the web page based on the user. You can also make a LoggedInOnlyResource
class that redirects to guard.LOGIN_AVATAR whenever it sees that the
user isn't logged in.
I'd be interested, though, in hearing what other ways people might have
for accomplishing stuff like this.
--=20
Alex Levy
WWW: http://mesozoic.geecs.org
"Never let your sense of morals prevent you from doing what is right."
-- Salvor Hardin, Isaac Asimov's _Foundation_
--=-3mt7jZiHG4hPXBhDz7Zy
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQBAS4rjVM70CYlRlK4RAmWxAJ9Oq/AA6V5hxadAGtzYUq7VvKEY+ACgxdlk
A1JB1PLBgGl7VaQ1YfW4XK8=
=mPUh
-----END PGP SIGNATURE-----
--=-3mt7jZiHG4hPXBhDz7Zy--