|
Roger Binns
rogerb at rogerbinns.com
Mon Apr 30 20:47:48 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Graham Dumpleton wrote:
> Note that when using req.internal_redirect(), that called resource
> then effectively generates the complete response. If you want the
> output of the sub request to be included as a subcomponent of HTML of
> parent, then you would really need to do a Python import to get access
> to Python code for your sub handler and invoke direct as Python code.
I still don't see how this helps me. It is closer, but doesn't solve
the fundamental problem of wanting to check the access control. My
handler code for /admin would look something like this:
def handler(req):
print "Hello world"
# I can't see how to do the next two lines which could have
# different permissions
... check credentials in req against "/api/object/list"
... check credentials in req against "/api/object3/delete"
# The next two could be done by calling the code that
# implements /api directly (or playing with internal_redirect)
items=request("/api/object/list")
request("/api/%s/delete" % (items[3],))
print "more output saying item3 was deleted"
Roger
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGNo40mOOfHg372QQRAktzAKCn9wC9l6qV7RsA9BuHu7qJJj9e0wCgo+1I
/zTA5dlHINjEVFZZvv9I8k8=
=hzjQ
-----END PGP SIGNATURE-----
|