On Mon, Jan 26, 2009 at 4:49 PM, Gustavo Narea <m...@gustavonarea.net> wrote: > Hello, Florent! > > On Monday January 26, 2009 13:55:07 Florent Aide wrote: >> The issue is that the request to the db needs to filter based on a >> parameter that is posted on the controller method I protected with >> @require. >> At the moment the check_auth function takes only "predicate" and >> "environ" and I'd like to add some *args, **kwargs to pass in the >> params that would then go to the decorated controller. > > You can do something like this (not tested but should work): > > from paste.request import parse_formvars, parse_querystring > from repoze.what.predicates import Predicate > > from yourcoolapplication.model import BlogPost, DBSession > > class can_edit_post(Predicate): > message = 'Post %(post_id)s can only be edited by its author' > > def __init__(self, post_id_variable='post_id', variable_type='GET' > **kwargs): > self.post_id_variable = post_id_variable > self.variable_type = variable_type > super(can_edit_post, self).__init__(**kwargs) > > def evaluate(self, environ, credentials): > # Extracting the post Id from the POST/GET variables > include_get_vars = self.variable_type == 'GET' > vars = parse_formvars(environ, include_get_vars)
this won't work with urls of the form: /blog/post/post_id and thus we'll need to devise something more, like introspection of the decorated controller's method's args... Florent. _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev
