Hi again guys!
Thanks for the help, Greg.
Now I think it's not a good idea to pass the page name through the
request, so I took another approach. I made the RestrictModel as I
said...
What is the idea of RestrictModel? If the user is not logged in, I show
a login form; otherwise I check whether the user's permission is enough.
If the user's permission is not enough I show an error message;
otherwise I show the page the user is trying to get into (RestrictModel
in this case).
I can create a subclass of RestrictModel, and this servlet will have
a login form implemented and will have login validation too. All I
have to do is define which user permission is able to access the
page...
See the code below, it's coded using Brazilian Portuguese, but I think
you can understand:
# Modelo, Usuario and SQLObjectNotFound: imports not shown in the message
from WebUtils.Funcs import htmlEncode

class ModeloRestrito(Modelo):

    def _validarRequest(self):
        login = self.request().value('_login_', None)
        senha = self.request().value('_senha_', None)
        if login is None and senha is None:
            return  # case where no login attempt was made
        if not login:
            self.erro.append('Você precisa especificar um login!')
        if not senha:
            self.erro.append('Você precisa especificar uma senha!')
        if self.erro:
            return
        try:
            usuario = Usuario.byLogin(login)
        except SQLObjectNotFound:
            self.erro.append('O login fornecido não existe!')
            return
        # compares the submitted password directly with the stored value
        if not usuario.senha == senha:
            self.erro.append('A senha fornecida está incorreta!')
        else:
            self.session().setValue('_userLoggedIn_', usuario.id)

    def doesUserHasPermission(self):
        # True if any of the user's permission levels is accepted by this page
        usuario = Usuario.get(self.userLoggedIn())
        for i in usuario.niveis_permissao:
            if i.id in self.userPermission():
                return True
        return False

    def userPermission(self):
        # permission level ids allowed to see this page; override in subclasses
        return [1]

    def writeLoginErrorMessage(self):
        self.writeln('<p class="erro">Você precisa estar logado para '
                     'acessar esta seção</p>')

    def writePermissionErrorMessage(self):
        self.writeln('<p class="erro">Seu login não dá permissão de acesso '
                     'a esta seção!</p>')

    def writeLoginForm(self):
        # the submitted login is HTML-encoded before being echoed into the form
        self.writeln('''\
<form method="post" action="%s">
<table>
<tr>
<td>Login:</td>
<td><input type="text" name="_login_" value="%s"></td>
</tr>
<tr>
<td>Senha:</td>
<td><input type="password" name="_senha_"></td>
</tr>
</table>
<p><input type="submit" value="Enviar Dados"></p>
</form>''' % (self.__class__.__name__,
              htmlEncode(self.request().value('_login_', ''))))

    def _writeContent(self):
        if not self.userLoggedIn():
            self.writeLoginErrorMessage()
            self.writeLoginForm()
        else:
            if self.doesUserHasPermission():
                Modelo._writeContent(self)
            else:
                self.writePermissionErrorMessage()

The model is too long to be shown here, but it is based on page. I
changed some methods, like writeContent (I call _writeContent before)
and the _respond method (I call _validarRequest before writeHTML and
call validarRequest inside writeHTML)...
If someone wants to see this working:
http://www.portaldofornecedor.com.br/cgi-bin/wkcgi/ControleVendas/
The login michel and pass teste can access all pages, the user teste
with pass teste can access only the "Pagina Restrita 2"...
Sorry for the big message, and sorry again about the poor English :)
=====
--
Michel Thadeu Sabchuk
Curitiba/PR
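
Added example (not part of Michel's message and not Webware code): the
credential check from _validarRequest with the password stored as a
salted PBKDF2 hash, compared in constant time, and one error message for
both an unknown login and a wrong password, plus the permission test as a
set intersection. The user table, function names and iteration count are
constructed for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def hash_password(password, salt=None):
    """Return (salt, key) to store in place of the plaintext password."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, ITERATIONS)
    return salt, key


def _user(password, levels):
    salt, key = hash_password(password)
    return {'salt': salt, 'key': key, 'levels': set(levels)}


# Constructed sample accounts: login -> salt, derived key, permission ids.
USERS = {'alice': _user('correct horse', [1, 2]), 'bob': _user('hunter2', [2])}
_DUMMY = _user('dummy', [])  # hashed for unknown logins so timing is similar


def validate_login(login, password):
    """Return (ok, errors), mirroring the checks in _validarRequest."""
    errors = []
    if not login:
        errors.append('You must specify a login!')
    if not password:
        errors.append('You must specify a password!')
    if errors:
        return False, errors
    user = USERS.get(login, _DUMMY)
    _, key = hash_password(password, user['salt'])
    # Constant-time comparison; one message for both failure causes.
    if hmac.compare_digest(key, user['key']) and login in USERS:
        return True, []
    return False, ['Invalid login or password!']


def has_permission(login, required_levels):
    """True if the user holds any of the levels the page requires."""
    return bool(USERS[login]['levels'] & set(required_levels))
```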