I'll try in other words..... I/we (users building rest api) don't want
the user to be redirected to any page (my own or the default really
doesn't matter)...all the decorators seems to redirect
somewhere....instead they "should" call a function (maybe by default a
redirect, in order to don't break backword compatibility) that, for
example, I/we can modify raising a 404.
On 22 Set, 21:38, mdipierro <mdipie...@cs.depaul.edu> wrote:
> You want to disable the login page.
>
> You can try
> auth.settings.actions_disabled.append('login')
> auth.settings.actions.login_url=URL('your_own_error_page')
>
> On Sep 22, 2:27 pm, Niphlod <niph...@gmail.com> wrote:
>
>
>
> > I'm really sorry....
>
> > I'm looking for an answer to this question:
> > 2) I saw what auth.settings.allow_basic_login = True does (and
> > auth.basic()) and it "allows" the basic authentication in addition to
> > the default auth (also with disabled actions). Maybe the default auth
> > can be shut down totally?
>
> > That is quite clear, I guess... I can't find a way to shut down
> > default auth and leave only basic auth as the default method for login
>
> > let's explain in other words the other "feature request" instead...
>
> > I don't know in deep all the auth module, but (at least for me) is the
> > one that is less "usable" when you create web services.
> > what I'm asking is the best way (i.e. the less error prone way) to
> > have the auth decorators to return/raise an http status instead of
> > raising a redirect to login page or the "user" controller.
> > Right now it seems that you can configure quite all, but all you can
> > configure is where the user will be redirected when the authorization
> > fails....
>
> > If you want to create an interface to a web api, maybe a REST one, you
> > rarely need to redirect someone to the login page if he is not a valid
> > user, nor you need to redirect him if he is a valid user without the
> > permissions to access a particular controller/resource...you just tell
> > him it's not authorized (the "recommended" behaviour would be to raise
> > a 404).
>
> > Going by hand to patch the auth module substituting all redirects to
> > something else or creating a new one from scratch seems a little bit a
> > long catch...maybe who planned and coded the auth module will figure
> > out a "smart" way to enable this behaviour...and I think that web2py
> > will be a good contender to django-piston or other frameworks of
> > choice when you are going to create a web [RESTful] API.- Nascondi testo
> > citato
>
> - Mostra testo citato -
