But I only expect it to hit the database i.e. execute the permission check, when I request a "protected" action in a controller. Not if I request an "unprotected" action. So, using the example above, if I call/request test I DO NOT expect database avtivity, if I call test2 I DO expect database activity.
It probably has to do with the way python decorators with parameters work, but these side effects are really bad. On Nov 18, 4:40 pm, Khalil KHAMLICHI <khamlichi.kha...@gmail.com> wrote: > Sorry pressed send button by mistake. > I was saying that I believe auth lives in memory so no db access is > supposed to happen, > and I go back and say that RBAC will need db access all times. > Khalil > > On Nov 18, 2011 3:37 PM, "Khalil KHAMLICHI" <khamlichi.kha...@gmail.com> > wrote: > > > > > > > > > I am not an expert in this, but I believe that : > > > @auth.requires_login() > > > there would be no database quieries because auth is stored in session > > which I believelives in