Maybe a better example is this:
def index():
# create public index page stuff
return dict(...)
@auth.requires_permission('administrate users')
def admin_users():
# private stuff
return dict(...)
Opening the index page would still hit the database and request
details about the 'administrate users' permission.The index page is
shown, but you still have an totally unnecessary database query. Add
more similarly protected actions in this controller file and the
request for the index page executes even more database queries.
On Nov 18, 4:51 pm, Ids <idsvandermo...@gmail.com> wrote:
> But I only expect it to hit the database i.e. execute the permission
> check, when I request a "protected" action in a controller. Not if I
> request an "unprotected" action.
> So, using the example above, if I call/request test I DO NOT expect
> database avtivity, if I call test2 I DO expect database activity.
>
> It probably has to do with the way python decorators with parameters
> work, but these side effects are really bad.
>
> On Nov 18, 4:40 pm, Khalil KHAMLICHI <khamlichi.kha...@gmail.com>
> wrote:
>
>
>
>
>
>
>
> > Sorry pressed send button by mistake.
> > I was saying that I believe auth lives in memory so no db access is
> > supposed to happen,
> > and I go back and say that RBAC will need db access all times.
> > Khalil
>
> > On Nov 18, 2011 3:37 PM, "Khalil KHAMLICHI" <khamlichi.kha...@gmail.com>
> > wrote:
>
> > > I am not an expert in this, but I believe that :
>
> > > @auth.requires_login()
>
> > > there would be no database quieries because auth is stored in session
> > > which I believelives in
