Changes between Version 83 and Version 84 of BluePrintAuthorization


Ignore:
Timestamp:
06/22/10 15:00:39 (14 years ago)
Author:
Fran Boon
Comment:

Use shn_has_role for function restriction

Legend:

Unmodified
Added
Removed
Modified

  • BluePrintAuthorization

    v83 v84  
    9393
    9494=== Function restriction ===
    95  * ~~Decorator function : @auth.requires_membership("Administrator")~~
    96   * doesn't support OR, doesn't support NOT
    97   * not efficient now we have {{{session.s3.roles}}}
    98  * We need a function which efficiently handles OR, AND & NOT. With roles cached in session, this should be easy:
     95 * Decorator function:
     96  * ~~@auth.requires_membership("Administrator")~~
     97   * doesn't support OR, doesn't support NOT
     98   * not efficient now we have {{{session.s3.roles}}}
     99 * We need a function which efficiently handles OR, AND & NOT. With roles cached in session, this is easy:
    99100{{{
    100101def myfunction():
    101     roles = session.s3.roles
    102     if not 1 in roles or (deployment_settings.auth.roles["BadRole1"] in roles and deployment_settings.auth.roles["BadRole2"] in roles) and not deployment_settings.auth.roles["GoodRole"] in roles:
     102    if not shn_has_role(1) or (shn_has_role("BadRole1") and shn_has_role("BadRole2")) and not shn_has_role("GoodRole"):
    103103        # redirect out
    104104    ...