[google-appengine] Are entities returned by value or by reference?
Hello, In my code I have two variables that point to an entity that is the result of some query. I then modify some of the properties using one of the variables and then call put() on that variable. These changes do not propagate to the 2nd variable that was pointing to that entity. This leads me to believe that these are just copies of the underlying datastore record and not references. Is this correct? What's the best practice when it comes to things like this? i.e., I have a session variable that is a datastore entity with all the user's info. Some parts of my site may make changes to this entity and update the datastore, but the session entity does not see these changes unless I re-query the datastore. Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Template Inheritance included with vanilla GAE?
Do we get template inheritance with vanilla gae or do i have to integrate with Django? If we do get it by default, how will gae know where to look for the base.html file? e.g., {{% extends "base.html" %}} Will gae know where to look for base.html? Do I have to give it a relative/absolute path? Is there some search path variable that needs to be set? Thanks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] updating entity in session issue
Hi all, In my app I am using gae-utilities sessions. One of my sessions variables is an entity that I retrieve from the datastore which holds reference properties to various other entities describing the user (e.g., his address data, her profile data, etc). example: class UserStatic(db.Model): firstName = db.StringProperty() mi= db.StringProperty() lastName = db.StringProperty() class User(db.Model): password = db.StringProperty() static= db.ReferenceProperty(UserStatic) so I have something like: self.sess = Session() self.sess['user'] = User.get_by_key_name('jo...@gmail.com') Now let's say I modify something in the user's static data: static = self.sess['user'].static static.firstName = 'frank' static.put() The problem is that self.sess['user'].static (or I guess self.sess ['user']) won't have the updated value unless I re-query the datastore. Something like: self.sess['user'] = User.get_by_key_name('jo...@gmail.com') Am I doing it wrong or is this how it's supposed to work? Thanks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Proper way to use sessions
Thanks! Really good info here. Much appreciated. On Jan 28, 10:34 am, Blixt wrote: > Yup, it certainly is rather straight-forward. I'll give you a short > history of descriptors. > > Before descriptors, the equivalent was to do this: > class UserSettings(webapp.RequestHandler): > def get(self): > # [do stuff] > get = require_login(get) > > As you can see, due to Python's very dynamic nature, you can treat > functions just as variables and reassign them and pass them around. In > this case, they're being sent to the require_login() method which in > turn is expected to return another function to replace the get() > function (furthermore, it is expected to exhibit the same behavior as > before, but with some added functionality, which in this case would be > requiring the user to log in.) > > The Python developers figured that this was so useful and commonly > practiced that it warranted its own syntax. Not least because it was > considered counter-intuitive to put something that relates to the > function after it, rather than close to its definition. Having to > write the function name three times wasn't ideal either. And so, after > a lot of debating the syntax, they decided that putting an at-sign > followed by a reference to a function that would replace the user's > function in front of the user's function (quite a mouthful!) would > replace the old way of doing it. Like so: > class UserSettings(webapp.RequestHandler): > @require_login > def get(self): > # [do stuff] > > So the above code is equivalent to the code before it. > > Now I hope descriptors make sense to you. Here's how you'd make one: > def require_login(func): > def check_login(request): > if not [user is logged in]: > request.redirect('/login') > return > func(request) > return check_login > > On Jan 28, 3:51 pm, solidus wrote: > > > I tried looking online on how to define a descriptor and it looks > > fairly straightforward, but I don't see how to incorporate it with the > > @ syntax that google's @requier_login uses. Can you point me in the > > right direction or show me a a way to do this? > > > Thanks again! > > > On Jan 28, 9:09 am, Blixt wrote: > > > > Oh and regarding your second question: > > > This behavior can be implied to the user's browser by not sending an > > > expiry header for the cookie that holds the session id. I don't know > > > if gaeutilities let's you specify this, but I would assume it does. > > > > If you want to truly enforce it on the server side, you can add a > > > timestamp to your sessions in the datastore and not let the user > > > continue using a session if the session hasn't been requested for x > > > amount of time. The timestamp would be updated every time the session > > > is requested so that the session only expires if the user stops using > > > the page for a while (which would imply that the user has left the > > > page.) > > > > On Jan 28, 3:02 pm, Blixt wrote: > > > > > If you're familiar with Python: > > > > If you've got separate request handlers for the parts of the site that > > > > require login and the parts that don't, you can make a function > > > > descriptor that checks if the user is logged in before calling the > > > > actual function. If the user is not logged in, it redirects to a login > > > > page. Then you can use this descriptor on the get / post methods. > > > > > Google provides this functionality with their @require_login > > > > descriptor that redirects to the Google Accounts login page if the > > > > user is not logged in, but this doesn't work when rolling your own > > > > authentication system, obviously. > > > > > If you're not familiar with Python: > > > > The simplest way is probably to just make a function you can call that > > > > returns True if the user is logged in. If the user is not logged in, > > > > it redirects the user to your login page, then returns False. In your > > > > actual get / post method you check whether the result of this function > > > > is False, and if so, you leave the method: > > > > > def logged_in(request): > > > > if [user is logged in]: > > > > return True > > > > request.redirect('/login') > > > > return False > > > > > class UserSettings(webapp.Request
[google-appengine] Re: Proper way to use sessions
I tried looking online on how to define a descriptor and it looks fairly straightforward, but I don't see how to incorporate it with the @ syntax that google's @requier_login uses. Can you point me in the right direction or show me a a way to do this? Thanks again! On Jan 28, 9:09 am, Blixt wrote: > Oh and regarding your second question: > This behavior can be implied to the user's browser by not sending an > expiry header for the cookie that holds the session id. I don't know > if gaeutilities let's you specify this, but I would assume it does. > > If you want to truly enforce it on the server side, you can add a > timestamp to your sessions in the datastore and not let the user > continue using a session if the session hasn't been requested for x > amount of time. The timestamp would be updated every time the session > is requested so that the session only expires if the user stops using > the page for a while (which would imply that the user has left the > page.) > > On Jan 28, 3:02 pm, Blixt wrote: > > > > > If you're familiar with Python: > > If you've got separate request handlers for the parts of the site that > > require login and the parts that don't, you can make a function > > descriptor that checks if the user is logged in before calling the > > actual function. If the user is not logged in, it redirects to a login > > page. Then you can use this descriptor on the get / post methods. > > > Google provides this functionality with their @require_login > > descriptor that redirects to the Google Accounts login page if the > > user is not logged in, but this doesn't work when rolling your own > > authentication system, obviously. > > > If you're not familiar with Python: > > The simplest way is probably to just make a function you can call that > > returns True if the user is logged in. If the user is not logged in, > > it redirects the user to your login page, then returns False. In your > > actual get / post method you check whether the result of this function > > is False, and if so, you leave the method: > > > def logged_in(request): > > if [user is logged in]: > > return True > > request.redirect('/login') > > return False > > > class UserSettings(webapp.RequestHandler): > > def get(self): > > if not logged_in(self): return > > # show page > > > On Jan 28, 3:13 am, solidus wrote: > > > > Hi all, > > > > I'm new to appengine and somewhat new to web development. My question > > > is regarding proper ways to use sessions. > > > > I'm currently messing around using the gaeutilities sessions module. I > > > have a basic login page and some content. The question is what is the > > > standard/best practice way to ensure that users aren't accessing parts > > > of your site (via direct URL) without first going through the login > > > screen? > > > > Also, how does one go about deleting or clearing session data once the > > > user leaves the site without logging out first? > > > > Thanks!- Hide quoted text - > > - Show quoted text - --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Re: Proper way to use sessions
Thank you for you reply, that's useful info. As to the second part of my question, how would I enforce this as the user leaves my site? Since gaeutilities sessions persist in the datastore, I would need some way of knowing when the user leaves the site so that I can either delete the session or set some variable in it indicating that the user logged out. On Jan 28, 9:02 am, Blixt wrote: > If you're familiar with Python: > If you've got separate request handlers for the parts of the site that > require login and the parts that don't, you can make a function > descriptor that checks if the user is logged in before calling the > actual function. If the user is not logged in, it redirects to a login > page. Then you can use this descriptor on the get / post methods. > > Google provides this functionality with their @require_login > descriptor that redirects to the Google Accounts login page if the > user is not logged in, but this doesn't work when rolling your own > authentication system, obviously. > > If you're not familiar with Python: > The simplest way is probably to just make a function you can call that > returns True if the user is logged in. If the user is not logged in, > it redirects the user to your login page, then returns False. In your > actual get / post method you check whether the result of this function > is False, and if so, you leave the method: > > def logged_in(request): > if [user is logged in]: > return True > request.redirect('/login') > return False > > class UserSettings(webapp.RequestHandler): > def get(self): > if not logged_in(self): return > # show page > > On Jan 28, 3:13 am, solidus wrote: > > > > > Hi all, > > > I'm new to appengine and somewhat new to web development. My question > > is regarding proper ways to use sessions. > > > I'm currently messing around using the gaeutilities sessions module. I > > have a basic login page and some content. The question is what is the > > standard/best practice way to ensure that users aren't accessing parts > > of your site (via direct URL) without first going through the login > > screen? > > > Also, how does one go about deleting or clearing session data once the > > user leaves the site without logging out first? > > > Thanks!- Hide quoted text - > > - Show quoted text - --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---
[google-appengine] Proper way to use sessions
Hi all, I'm new to appengine and somewhat new to web development. My question is regarding proper ways to use sessions. I'm currently messing around using the gaeutilities sessions module. I have a basic login page and some content. The question is what is the standard/best practice way to ensure that users aren't accessing parts of your site (via direct URL) without first going through the login screen? Also, how does one go about deleting or clearing session data once the user leaves the site without logging out first? Thanks! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~--~~~~--~~--~--~---