I am writing an application where login is required for almost the
entire site (Intranet application inside a company). There is an
equipment access dictionary structure I called user_access that I build
from the database at login and cache in the session. I added code to
the default controller user function to set the dictionary to None on
logout as follows:

In default.py:

    def user():
        if request.args(0)=='logout':
            session.user_access = None
        return dict(form=auth())

I need the user_access dictionary as the basis for a menu structure
that allows access to equipment through menu items and doesn't offer
items the user is not supposed to use.
I put this code into menu.py just after the index page definition and
the login/logoff and user_access dictionary states seem to track well
for what I need.

    response.menu = [
        (T('Index'), False, URL('default','index'), [])
    ]
    if auth.user:
        if not session.user_access:
            session.user_access = get_user_access()
        response.menu += generate_user_dependent_menu()
    .... rest of menu code.

Is this the right way to accomplish this? What if there are AJAX or
RPC service requests? I think model code still gets run fully, and
these requests are required to be authenticated as well. I could also
move this to the last model file and then just put if auth.user: in
front of the per user defined portion of the menu.
Thanks
Ron
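
An added example, not part of the original post and not web2py code: a framework-free sketch of the pattern described above, where a plain dict stands in for web2py's session and the names ACCESS_DB, access_owner, ensure_access_cache, build_menu and equipment_action are hypothetical. It shows the cached user_access dictionary gating the action itself as well as the menu, so an AJAX or RPC request for an item the menu never offered is still refused.

```python
# Stand-in for the database behind get_user_access(); constructed sample data.
ACCESS_DB = {"ron": {"lathe": True, "furnace": False}}

def get_user_access(user):
    """Build the per-user equipment dictionary (hypothetical schema)."""
    return dict(ACCESS_DB.get(user, {}))

def ensure_access_cache(session):
    """Model-file step: runs on every request, page, AJAX or RPC alike."""
    user = session.get("user")
    if not user:
        # No login (explicit logout or expired session): drop any stale cache.
        session.pop("user_access", None)
        session.pop("access_owner", None)
        return {}
    # Rebuild when the cache is missing or was built for a different login.
    if session.get("access_owner") != user or session.get("user_access") is None:
        session["user_access"] = get_user_access(user)
        session["access_owner"] = user
    return session["user_access"]

def build_menu(session):
    """Index entry plus only the equipment items this user may use."""
    menu = [("Index", "/default/index")]
    access = ensure_access_cache(session)
    menu += [(name, "/equipment/" + name)
             for name, allowed in sorted(access.items()) if allowed]
    return menu

def equipment_action(session, name):
    """Action-side check: the menu only hides links, this refuses the request."""
    if not session.get("user"):
        return 401  # not authenticated
    if not ensure_access_cache(session).get(name):
        return 403  # authenticated, but this equipment is not allowed
    return 200

if __name__ == "__main__":
    s = {"user": "ron"}
    print(build_menu(s))
    print(equipment_action(s, "lathe"), equipment_action(s, "furnace"))
```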