On Oct 17, 2011, at 6:21 AM, Massimo Di Pierro wrote:
> @auth.requires(condition)
>
> First checks that user is logged in then it check whether the
> condition is true or False.
> This behavior has changed but it was undocumented.
>
> I guess next question is how do you do what you need to do. I thought
> about it and I pushed this to trunk:
>
> @auth.requires(request.client=='127.0.0.1' or auth.user,login=False)
>
>
> The login=False skips the pre-check on user login.
Could that be changed perhaps to require_login=False? It's a little less
ambiguous, since login=False could be read to require that the user *not* be
logged in.
>
> Massimo
>
>
> On Oct 17, 1:19 am, "Ray (a.k.a. Iceberg)" <iceb...@21cn.com> wrote:
>> Thanks for the workaround, I might take that. But I will still argue
>> that:
>>
>> 1. Does authentication have to mean logged-in, or can it be something
>> else, such as "accessing from localhost", "accessing via ajax", etc.?
>>
>> 2. if @auth already means authentication, why there is still an
>> auth.requires_login() which implemented as
>> auth.requires(auth.is_logged_in())? Shouldn't this implementation
>> imply that auth.requires() does not check is_logged_in()? All in all,
>> what is auth.requires()'s semantics?
>>
>> Regards,
>> Ray
>>
>> On Oct 17, 1:41 pm, Bruno Rocha <rochacbr...@gmail.com> wrote:
>>
>>
>>
>>
>>
>>
>>
>>> I think it should be, because @auth means authentication, so needs
>>> authenticated user.
>>
>>> In your case I should do differently.
>>
>>> def secret():
>>> if not request.client == '127.0.0.1' or not auth.user:
>>> redirect(URL('default', 'user', args='login'))
>>> return {"": "some cool stuff"}
