[mod_python] Access checking against another path

Roger Binns rogerb at rogerbinns.com
Mon Apr 30 20:47:48 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Graham Dumpleton wrote:
> Note that when using req.internal_redirect(), that called resource
> then effectively generates the complete response. If you want the
> output of the sub request to be included as a subcomponent of HTML of
> parent, then you would really need to do a Python import to get access
> to Python code for your sub handler and invoke direct as Python code.

I still don't see how this helps me.  It is closer, but doesn't solve
the fundamental problem of wanting to check the access control.  My
handler code for /admin would look something like this:

def handler(req):
  print "Hello world"

  # I can't see how to do the next two lines which could have
  # different permissions
  ... check credentials in req against "/api/object/list"
  ... check credentials in req against "/api/object3/delete"

  # The next two could be done by calling the code that
  # implements /api directly (or playing with internal_redirect)
  items=request("/api/object/list")
  request("/api/%s/delete" % (items[3],))

  print "more output saying item3 was deleted"

Roger
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGNo40mOOfHg372QQRAktzAKCn9wC9l6qV7RsA9BuHu7qJJj9e0wCgo+1I
/zTA5dlHINjEVFZZvv9I8k8=
=hzjQ
-----END PGP SIGNATURE-----


More information about the Mod_python mailing list