How can I protect the entire controller to be available only for logged in users?

[David Marko]

How can I protect the entire controller to be available only for logged in users? Something like @auth.requires_login() but for the entire controller instead of each method ?

[Marin Pranjić]

put the logic on top of controller file:

if not auth.is_logged_in():

    redirect( ... )

On Wed, Jul 24, 2013 at 1:38 PM, David Marko <dma...@tiscali.cz> wrote:

How can I protect the entire controller to be available only for logged in users? Something like @auth.requires_login() but for the entire controller instead of each method ?

--
 
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Anthony]

On Wednesday, July 24, 2013 7:56:48 AM UTC-4, Marin Pranjić wrote:

put the logic on top of controller file:

if not auth.is_logged_in():

    redirect( ... )

Or if you want to get the automatic redirect and messaging behavior of the @auth.requires_login() decorator, you can use this trick:

# At the top of the controller
auth.requires_login()(lambda: None)()

auth.requires_login() returns a decorator that takes a function and returns another function -- above just passes a dummy lambda function to the decorator and then calls the resulting function to run the requires_login code (note, you should not precede auth.requires_login() with the @ symbol in this case). Works with the other Auth decorators as well (all of which ultimately call auth.requires(), which is the method that produces the decorator).

Anthony

[Richard Vézina]

Anthony, what the advantage of that over @auth.requires_login() ??

Thanks

Richard

On Wed, Jul 24, 2013 at 9:36 AM, Anthony <abas...@gmail.com> wrote:

On Wednesday, July 24, 2013 7:56:48 AM UTC-4, Marin Pranjić wrote:

put the logic on top of controller file:

if not auth.is_logged_in():

    redirect( ... )

Or if you want to get the automatic redirect and messaging behavior of the @auth.requires_login() decorator, you can use this trick:

# At the top of the controller
auth.requires_login()(lambda: None)()

auth.requires_login() returns a decorator that takes a function and returns another function -- above just passes a dummy lambda function to the decorator and then calls the resulting function to run the requires_login code. Works with the other Auth decorators as well (all of which ultimately call auth.requires(), which is the method that produces the decorator).

Anthony

--

[Anthony]

On Wednesday, July 24, 2013 10:34:22 AM UTC-4, Richard wrote:

Anthony, what the advantage of that over @auth.requires_login() ??

@auth.requires_login() has to be applied separately to each function you want to protect. David asked about protecting an entire controller. To avoid having to repeat the same decorator on every function in the controller (possibly forgetting when you add a new function), you can instead protect the entire controller with a single line at the top.

You can also do it in a model file to protect the entire application, but in that case you should add some logic to exclude /default/user from the check -- otherwise, users won't be able to get to the login page.

Anthony

[Richard Vézina]

Ok, Thank you for clarification!

Richard

Anthony