On Thu, Jun 12, 2008 at 8:44 AM, Alberto Valverde <[EMAIL PROTECTED]> wrote:
>> What's the practical difference between controller based approach and
>> views based one? Eg. Django views, and controllers in Pylons? It
>> doesn't seem that much different, so why not make all controller
>> actions regular functions, instead of class methods? What's the gain
>> in this controller approach, if any? :)
>
> You can take a look at a real app's Pylons REST controller that powers
> beta.toscawidgets.org here [1]. (Not that other apps are "unreal".. I mean
> that it's not a MyFirstBlog tutorial ;)
>
> * The __before__ method (which is executed before any method) performs
> basic authorization and binds the object being exposed, if any, at an
> attribute in self. This avoids repeating this code in every controller
> action and is much simpler to implement properly than decorators.
What "object being exposed" do you mean? (The links on the site are
giving a Bad Gateway error, so I can't check this myself.) You mean
something that's nominally being protected by the authorization?
I use a ._process_id(id) method to validate the ID and attach it and
the ORM object to self, and a separate ._REQUIRE_PERM("permname")
method for authorization. Also, because some actions have an id and
others don't, or because you need a parent's ID to create a child
object or index of children, sometimes I'm calling
._process_id_for_parent() and sometimes ._process_id_for_child() in
the same controller, which is too fine-grained for .__before__.
--
Mike Orr <[EMAIL PROTECTED]>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to pylons-discuss@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---
