@auth.requires(condition)
First checks that user is logged in then it check whether the
condition is true or False.
This behavior has changed but it was undocumented.
I guess next question is how do you do what you need to do. I thought
about it and I pushed this to trunk:
@auth.requires(request.client=='127.0.0.1' or auth.user,login=False)
The login=False skips the pre-check on user login.
Massimo
On Oct 17, 1:19 am, "Ray (a.k.a. Iceberg)" <iceb...@21cn.com> wrote:
> Thanks for the workaround, I might take that. But I will still argue
> that:
>
> 1. Does authentication have to mean logged-in, or can it be something
> else, such as "accessing from localhost", "accessing via ajax", etc.?
>
> 2. if @auth already means authentication, why there is still an
> auth.requires_login() which implemented as
> auth.requires(auth.is_logged_in())? Shouldn't this implementation
> imply that auth.requires() does not check is_logged_in()? All in all,
> what is auth.requires()'s semantics?
>
> Regards,
> Ray
>
> On Oct 17, 1:41 pm, Bruno Rocha <rochacbr...@gmail.com> wrote:
>
>
>
>
>
>
>
> > I think it should be, because @auth means authentication, so needs
> > authenticated user.
>
> > In your case I should do differently.
>
> > def secret():
> > if not request.client == '127.0.0.1' or not auth.user:
> > redirect(URL('default', 'user', args='login'))
> > return {"": "some cool stuff"}
