I can't find in the doc how certain or all of view functions can be protected from anonymous (or any other 'custom' protection) please point me out where to look at
Please clarify. What do you mean by anonymous here? Are you talking of authentication? On Sun, Feb 20, 2011 at 3:19 PM, Aleksei Pokrevskiy <kpdpok@gmail.com>wrote: > I can't find in the doc how certain or all of view functions can be > protected from anonymous (or any other 'custom' protection) > please point me out where to look at > -- Ishbir Singh
yes 2011/2/20 Ishbir Singh <ishbir24@gmail.com>: > Please clarify. What do you mean by anonymous here? Are you talking of > authentication? > > On Sun, Feb 20, 2011 at 3:19 PM, Aleksei Pokrevskiy <kpdpok@gmail.com> > wrote: >> >> I can't find in the doc how certain or all of view functions can be >> protected from anonymous (or any other 'custom' protection) >> please point me out where to look at > > > -- > Ishbir Singh >
Christian Ştefănescu login_required is good, but how can I protect my whole application? Ishbir Singh yes 2011/2/20 Ishbir Singh <ishbir24@gmail.com> > > Please clarify. What do you mean by anonymous here? Are you talking of authentication? > > On Sun, Feb 20, 2011 at 3:19 PM, Aleksei Pokrevskiy <kpdpok@gmail.com> wrote: >> >> I can't find in the doc how certain or all of view functions can be protected from anonymous (or any other 'custom' protection) >> please point me out where to look at > > > -- > Ishbir Singh
Well, you will have to use something like the login_required decorator
that Christian
Ştefănescu mentioned. What I do in my projects is, that I create an auth.py
file in the modules folder or wherever you prefer.
These are the contents of the auth.py file- http://pastebin.com/eEGZVkJR
<http://pastebin.com/eEGZVkJR>The general idea would remain the same. You
would most definitely have to do some modifications to the auth.py file to
get it work with your application. In a view, import it using something like
this-
from modules.auth import check_auth, auth_conditions, is_admin
@app.route('/secret')
@auth_conditions(is_admin)
@check_auth
def somefunc():
return 'Works'
You could probably modify the check_auth function to accept the
auth_conditions without the need of a separate decorator; but I'm just too
lazy to do that. You can also omit check_conditions if you just need the
user to be logged in.
Hope it helps,
Ishbir Singh
On Sun, Feb 20, 2011 at 3:34 PM, Aleksei Pokrevskiy <kpdpok@gmail.com>wrote:
> Christian Ştefănescu
> login_required is good, but how can I protect my whole application?
>
> Ishbir Singh
> yes
>
> 2011/2/20 Ishbir Singh <ishbir24@gmail.com>
> >
> > Please clarify. What do you mean by anonymous here? Are you talking of
> authentication?
> >
> > On Sun, Feb 20, 2011 at 3:19 PM, Aleksei Pokrevskiy <kpdpok@gmail.com>
> wrote:
> >>
> >> I can't find in the doc how certain or all of view functions can be
> protected from anonymous (or any other 'custom' protection)
> >> please point me out where to look at
> >
> >
> > --
> > Ishbir Singh
>
--
Ishbir Singh
Try the login_required decorator: http://flask.pocoo.org/docs/patterns/viewdecorators/?highlight=login_required On Sun, Feb 20, 2011 at 10:49 AM, Aleksei Pokrevskiy <kpdpok@gmail.com>wrote: > I can't find in the doc how certain or all of view functions can be > protected from anonymous (or any other 'custom' protection) > please point me out where to look at >
login_required is good, but how can I protect my whole application? 2011/2/20 Christian Ştefănescu <st.chris@gmail.com>: > Try the login_required > decorator: http://flask.pocoo.org/docs/patterns/viewdecorators/?highlight=login_required > > On Sun, Feb 20, 2011 at 10:49 AM, Aleksei Pokrevskiy <kpdpok@gmail.com> > wrote: >> >> I can't find in the doc how certain or all of view functions can be >> protected from anonymous (or any other 'custom' protection) >> please point me out where to look at >
Le 20/02/2011 19:14, Aleksei Pokrevskiy a écrit : > login_required is good, but how can I protect my whole application? Hi, See how login_required redirects to the login page? You can do the same in a function decorated with @app.before_request. If such a function returns something, that is used as a response and the normal request handling is skipped. Be careful not to redirect when you are already serving the login page. To detect that use request.path (the path part of the URL) or, maybe better, request.url_rule.endpoint (the name of the view about to be called.) Regards, -- Simon Sapin http://exyr.org
Hey, I myself did not think of this. This seems to be a nice solution! Thanks for the tip! I'll also have a look at Flask Principal.. I didn't know about its existence so had to cook something up manually. By the way, where's the list of all the Flask extensions? I can't seem to find one. On Sun, Feb 20, 2011 at 4:00 PM, Simon Sapin <simon.sapin@exyr.org> wrote: > Le 20/02/2011 19:14, Aleksei Pokrevskiy a écrit : > > login_required is good, but how can I protect my whole application? > > Hi, > > See how login_required redirects to the login page? You can do the same > in a function decorated with @app.before_request. If such a function > returns something, that is used as a response and the normal request > handling is skipped. > Be careful not to redirect when you are already serving the login page. > To detect that use request.path (the path part of the URL) or, maybe > better, request.url_rule.endpoint (the name of the view about to be > called.) > > Regards, > -- > Simon Sapin > http://exyr.org > -- Ishbir Singh
Le 20/02/2011 19:34, Ishbir Singh a écrit : > By the way, where's the list of all the Flask extensions? I can't seem > to find one. There is a list here: http://flask.pocoo.org/extensions/ And then some more if you search on PyPI. Regards, -- Simon Sapin http://exyr.org
On Sun, Feb 20, 2011 at 3:44 PM, Aleksei Pokrevskiy <kpdpok@gmail.com> wrote: > login_required is good, but how can I protect my whole application? May be you are looking for something like this ? http://packages.python.org/Flask-Principal/ -- Baiju M