You can do it the way Anthony said, but you can do it all in models; no need to touch controller code.

models/...........py
########################################################
auth = Auth(....)

# a dict of controllers as keys, and a list of allowed groups as values
auth_rules = {
    "default": ['admin'],
    "post": ["admin", "editor"],
    "secret_controller": ["my_secret_group"]
}

# groups allowed for the current controller; a controller missing from the dict gives []
groups_to_check = auth_rules.get(request.controller, [])
has_membership = map(auth.has_membership, groups_to_check)
# any() of an empty sequence is False, so unlisted controllers are redirected too
if not any(has_membership):
    redirect(URL(r=request, c='default', f='index'))
########################################################

You can group all the code above into a one-liner.

On Wed, Jul 25, 2012 at 10:39 PM, Anthony <abasta...@gmail.com> wrote:

> That looks pretty good. If you want to avoid running all your models, you
> can put that logic early in your models (obviously somewhere after auth is
> defined):
>
> if request.controller == 'secret_stuff' and not auth.has_membership('admin'):
>
> Anthony
>
>
> On Wednesday, July 25, 2012 9:14:31 PM UTC-4, Richard Penman wrote:
>>
>> I mean is there a better way than something like:
>>
>> if not auth.has_membership('admin'):
>>     session.flash = 'You are not part of the admin group'
>>     redirect(URL(r=request, c='default', f='index'))
>>
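
Added example, not part of the original thread: the decision made by the model snippet above written as plain Python and replayed across redirects, next to a variant that never gates the redirect target. Because models run on every request, the "default": ['admin'] rule also applies to default/index itself; RULES, PUBLIC, hardened_decide and follow are hypothetical names, and default/user as the login action is an assumption.

```python
# Added example, not code from the thread. POSTED_RULES mirrors the dict in the
# post; RULES, PUBLIC, DENIED, hardened_decide and follow are hypothetical names.
POSTED_RULES = {
    "default": ["admin"],
    "post": ["admin", "editor"],
    "secret_controller": ["my_secret_group"],
}
DENIED = ("default", "index")  # where a refused request is redirected


def posted_decide(controller, function, has_membership):
    """Decision made by the posted model code: None = serve, else redirect target."""
    groups = POSTED_RULES.get(controller, [])
    return None if any(map(has_membership, groups)) else DENIED


# Hardened variant: the redirect target and the login action (assumed to be
# default/user, as in the web2py scaffolding app) are never gated.
RULES = {"post": ["admin", "editor"], "secret_controller": ["my_secret_group"]}
PUBLIC = {DENIED, ("default", "user")}


def hardened_decide(controller, function, has_membership):
    if (controller, function) in PUBLIC:
        return None
    groups = RULES.get(controller)
    if groups is None:  # unlisted controller: deny explicitly, not by accident
        return DENIED
    return None if any(has_membership(g) for g in groups) else DENIED


def follow(decide, page, has_membership, limit=10):
    """Replay redirects as a browser would; return the page served or None on a loop."""
    for _ in range(limit):
        target = decide(page[0], page[1], has_membership)
        if target is None:
            return page
        page = target
    return None


if __name__ == "__main__":
    editor = {"editor"}.__contains__  # constructed user: member of 'editor' only
    for decide in (posted_decide, hardened_decide):
        for start in [("post", "index"), ("secret_controller", "index")]:
            print(decide.__name__, start, "->", follow(decide, start, editor))
```

In a model file the function would be called with request.controller, request.function and auth.has_membership, followed by redirect(URL(c=target[0], f=target[1])) when it returns a target.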