thank you

On 7 Jun, 19:50, Anthony <abasta...@gmail.com> wrote:
> Note, you can probably even use an auth decorator, similar to checking for
> ajax-loaded components via request.cid 
> (see http://www.web2py.com/book/default/chapter/13#Trapped-Ajax-Links).
>
> @auth.requires(request.env.http_web2py_component_location)
> def some_block():
>     do_smth()
>     return dict(smth=smth)
>
> Also, note that testing for request.env.http_web2py_component_location is
> not a foolproof security measure -- I think it can be spoofed by simply
> adding 'web2py-component-location' to the HTTP request headers (same goes
> for testing for request.cid).
>
> Anthony
>
> On Tuesday, June 7, 2011 8:26:56 AM UTC-4, Anthony wrote:
> > I don't think calls to LOAD are local requests (even with ajax=False) --
> > the call to LOAD simply passes the original request environment to the
> > component controller action.
>
> > What you need is a way to determine if a request has come in via a call to
> > LOAD. In that case, request.env should include
> > http_web2py_component_location (as well as http_web2py_component_element),
> > so you could test for that:
>
> > def some_block():
> >     if request.env.http_web2py_component_location:
> >         do_smth()
> >         return dict(smth=smth)
> >     else:
> >         return None
> > Anthony
>
> > On Tuesday, June 7, 2011 1:32:43 AM UTC-4, LightOfMooN wrote:
>
> >> What is logic of request.is_local?
>
> >> I tried use it to prevent direct access to some included blocks:
>
> >> def index():
> >>     return dict()
>
> >> def some_block():
> >>     if request.is_local:
> >>         do_smth()
> >>         return dict(smth=smth)
> >>     else:
> >>         return None
>
> >> index.html:
> >> {{=LOAD('mycontroller', 'some_block', ajax=False)[0][0]}}
>
> >> so, I thought, web2py load function with ajax=False is called locally,
> >> and content of "some_block" will be available in index.html, but not
> >> by url /mycontroller/some_block.html
>
> >> But request.is_local returns False.
>
> >> Is there any other way to do it?
> >> (check some secret vars or args is not good)
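
Anthony's caveat about the header test, as an added example that is not part of the original thread: it shows why a header-presence check passes for any client that sets the header, next to a server-side HMAC check that does not. The function names, `SERVER_KEY` and the signing scheme are assumptions made for illustration, not web2py's own code; the requests are constructed.

```python
import hashlib
import hmac

def wsgi_environ(headers):
    """Map client-sent headers to CGI/WSGI keys: HTTP_ prefix, upper case, '-' -> '_'."""
    return {"HTTP_" + k.upper().replace("-", "_"): v for k, v in headers.items()}

def request_env(environ):
    """Lower-cased view of the environ, the form read as request.env.http_... in the thread."""
    return {k.lower(): v for k, v in environ.items()}

def header_guard(env):
    """The check from the thread: true whenever the header is present, whoever set it."""
    return bool(env.get("http_web2py_component_location"))

SERVER_KEY = b"constructed-demo-key"  # assumption: a secret known only to the server

def sign(path, key=SERVER_KEY):
    """Server side: HMAC-SHA256 over the component path, issued when the page is rendered."""
    return hmac.new(key, path.encode(), hashlib.sha256).hexdigest()

def signature_guard(path, signature, key=SERVER_KEY):
    """Accept only a signature computed with the server key (constant-time comparison)."""
    return hmac.compare_digest(sign(path, key).encode(), (signature or "").encode())

# Constructed requests for the component action discussed in the thread.
PATH = "/mycontroller/some_block"
via_load = request_env(wsgi_environ({"web2py-component-location": "http://example.test/index"}))
direct = request_env(wsgi_environ({"User-Agent": "demo"}))
hand_set = request_env(wsgi_environ({"Web2py-Component-Location": "anything"}))

if __name__ == "__main__":
    for name, env in (("via_load", via_load), ("direct", direct), ("hand_set", hand_set)):
        print(name, "header_guard ->", header_guard(env))
    print("valid signature ->", signature_guard(PATH, sign(PATH)))
    print("missing signature ->", signature_guard(PATH, ""))
    print("signature for another path ->", signature_guard("/other", sign(PATH)))
```

The header guard cannot tell `via_load` from `hand_set`, so it is useful for routing or rendering decisions only; access control has to rest on something the client cannot produce, such as the keyed signature here or an authenticated session.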
