
Restricting access to some parts of a site. Google App Engine webapp

I'm putting a user privilege identifier in user sessions after authentication. How can I restrict access to some parts of the site depending on user privileges? For now I'm checking privileges within page handlers, but how can I make it better?

Are there any existing templates for doing this? Could you give an example?

You can define decorators to make this easier. For example:

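from google.appengine.api import users

def requiresUser(fun):
  # Run the handler method only for signed-in users; otherwise answer 403.
  def decorate(self, *args, **kwargs):
    if not users.get_current_user():
      self.error(403)
    else:
      return fun(self, *args, **kwargs)
  return decorate

def requiresAdmin(fun):
  # Run the handler method only for admins of the app; otherwise answer 403.
  def decorate(self, *args, **kwargs):
    if not users.is_current_user_admin():
      self.error(403)
    else:
      return fun(self, *args, **kwargs)
  return decorate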

And to use them, just decorate handler methods:

from google.appengine.ext import webapp

class NewsHandler(webapp.RequestHandler):
  # Only logged in users can read the news
  @requiresUser
  def get(self):
    pass  # Do something

  # Only admins can post news
  @requiresAdmin
  def post(self):
    pass  # Do something
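The question stores a privilege identifier in the session, so the decorator idea can be generalized to a minimum privilege level. The following is an added example, not part of the answer above: the privilege constants, the `self.session` attribute, the `"privilege"` key and `StubHandler` (a stand-in for `webapp.RequestHandler` so the code runs offline) are all assumptions.

```python
import functools

# Hypothetical privilege levels; the page does not define any.
ANONYMOUS, USER, EDITOR, ADMIN = 0, 1, 2, 3


def requires_privilege(minimum):
    """Run the handler method only if the session's level is >= minimum."""
    def decorator(method):
        @functools.wraps(method)
        def wrapper(self, *args, **kwargs):
            # Assumption: the handler exposes the session as a dict-like
            # `self.session`. Missing or non-integer values fail closed.
            level = self.session.get("privilege", ANONYMOUS)
            if type(level) is not int or level < minimum:
                self.error(403)  # deny and never call the handler
                return None
            return method(self, *args, **kwargs)
        return wrapper
    return decorator


class StubHandler(object):
    """Constructed stand-in for webapp.RequestHandler; records the status."""
    def __init__(self, session):
        self.session = session
        self.status, self.body = 200, None

    def error(self, code):
        self.status = code


class NewsHandler(StubHandler):
    @requires_privilege(USER)
    def get(self):
        self.body = "news list"

    @requires_privilege(EDITOR)
    def post(self):
        self.body = "news saved"


def run(session, verb):
    """Dispatch one request against NewsHandler; return (status, body)."""
    handler = NewsHandler(session)
    getattr(handler, verb)()
    return handler.status, handler.body
```

The check is only as trustworthy as the session store: the privilege value has to live server-side or in a signed cookie, never in anything the client can rewrite.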

If you want to restrict certain areas to only admins of your app, you can put the following into app.yaml:

- url: /url.*
  script: path.py
  login: admin

otherwise you can check when someone

class PathHandler(webapp.RequestHandler):
  def get(self):
    if users.get_current_user():
      pass  # do something
    else:
      self.error(403)  # Access denied

  def post(self):
    if users.get_current_user():
      pass  # do something
    else:
      self.error(403)  # Access denied

EDIT: http://code.google.com/p/gdata-python-client/source/browse/#svn/trunk/samples/oauth/oauth_on_appengine has examples of using OAuth on appengine
