views:

36

answers:

1

I would like to create a repoze custom predicate checker that is capable to access url parameters and validate something. But I would like to use allow_only to set this permission checker in all the controller's scope. Something like:

class MyController(BaseController):

    allow_only = All(not_anonymous(msg=l_(u'You must be logged on')),
                     my_custom_predicate(msg=l_(u'something wrong')))

    def index(self, **kw):
        return dict()

then, my_custom_predicate should check the url paramters for every request in every MyController method, and do whatever it do. The problem is just that: how to allow my_custom_predicate to check the url parameters, using it in that way I wrote above.

A: 

May be you need to use ControllerProtector

from repoze.what.plugins.pylonshq import ControllerProtector

allow_only = All(not_anonymous(msg=l_(u'You must be logged on')),
                     my_custom_predicate(msg=l_(u'something wrong')))

@ControllerProtector(allow_only)
class MyController(BaseController):

    def index(self, **kw):
        return dict()

See docs at http://code.gustavonarea.net/repoze.what-pylons/API.html

estin
Ok, this is very similar to use allow_only in the controller scope. But how my_custom_predicate will know the **kw values passed to index?
Use global request object. kw = request.environ['pylons.routes_dict']
estin