Laszlo Nagy wrote: > >>> >>> Are you developing a website or a GUI program? >>> >>> >> It will be used in a web development. It is an important point? > > Yes, I think. Unless you use AJAX. :-) Most web sites work this way: > > user clicks -> request to server -> process on server -> response > > I would rather enclose the whole handler in try/except and raise a > custom PermissionDenied exception when the user has inscuficient > permissions. There are problems with a decorator used for > authorization. The context needs to be determined. E.g. which user is > accessing the method? (It can be hard to tell if the method is part of > a thread object that lies in a thread pool and is shared between > simultaneous clients...) Also it might be that the method's purpose is > to change objects of the same class, and the user has permission to > modify one object but not the other. In this case, authorization must > be done inside the function call... How do you express this with a > decorator? > > These are just ideas. You should analyze your problem and make your > decision. If you only want to restrict access to functions, then > probably using decorators is perfect. > > Best, > > Laszlo > > I post the change_pass() function as an example, there is a buch of other functions (the whole site actually) that will require a logged user. May the change_pass() function have additional control, shure, but it will be not part of the `global' requirement.
Thank you very much for your time, Laszlo Gerardo -- http://mail.python.org/mailman/listinfo/python-list
