python - Creating restricted pages in google app engine -


I'm having trouble creating admin pages on a Python Google App Engine site. I think the answer should be pretty straightforward, but honestly, I've been trying to understand how classes inherit from other classes, or how functions wrap other functions, and I can't seem to get an understanding of it.

Basically, my site has 2 kinds of pages: the main page, and pages that allow the user to perform admin actions. The main page can be seen without signing in. The other pages are for admins. Users with accounts are admins, so I've set up webapp2 sessions, and as long as

    self.session.get('username')

returns something, that's enough to be allowed access to the other pages.

Here are my handlers:

    import webapp2
    from webapp2_extras import sessions

    # render_str() and the animal model are defined elsewhere in the app (not shown).

    class basehandler(webapp2.RequestHandler):
        def write(self, *a, **kw):
            self.response.out.write(*a, **kw)

        def render(self, template, **kw):
            self.response.out.write(render_str(template, **kw))

        def dispatch(self):
            # Get a session store for this request.
            self.session_store = sessions.get_store(request=self.request)

            try:
                # Dispatch the request.
                webapp2.RequestHandler.dispatch(self)
            finally:
                # Save all sessions.
                self.session_store.save_sessions(self.response)

        @webapp2.cached_property
        def session(self):
            # Returns a session using the default cookie key.
            return self.session_store.get_session()

    class mainhandler(basehandler):
        def get(self):
            animals = animal.query().fetch(100)
            self.render('index.html', animals=animals)

    class adminhandler(basehandler):
        def get(self):
            if self.session.get('username'):
                self.render('admin.html')
            else:
                self.render('signin.html')

    class reorderhandler(basehandler):
        def get(self):
            self.render('reorder.html')

        def post(self):
            # change the order of item display
            self.write('ok')

    class deletehandler(basehandler):
        def get(self):
            self.render('delete.html')

        def post(self):
            # delete the entry from the db
            self.write('ok')

    class addhandler(basehandler):
        def get(self):
            self.render('add.html')

        def post(self):
            # add the entry to the db
            self.write('ok')

    class signinhandler(basehandler):
        def post(self):
            # check the username and password (not shown; sets valid and username)
            if valid:
                self.session['username'] = username
                self.redirect('/admin')
            else:
                self.write('not valid')

The adminhandler lays out the basic logic of what these admin pages should do. If someone is trying to access the admin pages, the handler should check to see if the user is signed in, and if so, allow access to the page. If not, it renders the sign-in page.

Reorder, delete, and add are actions I want admins to be able to do, and there might be more in the future. I could add the adminhandler logic to the gets and posts of the other handlers, but that is extremely repetitive and therefore I'm sure it's the wrong thing to do.

I'm looking for guidance on how to get the logic of adminhandler incorporated into all of the other handlers that cover "administrative" tasks.

Update: Brent Washburne pointed me in the right direction enough to get the thing working, although I still don't feel I understand what the decorator function does. Anyway, the code seems to be working, and looks like this:

    def require_user(old_func):
        def new_function(self):
            if not self.session.get('username'):
                # return here: redirect() only sets the response, so without
                # the return the wrapped handler would still run.
                return self.redirect('/signin')
            return old_func(self)
        return new_function

    class adminhandler(basehandler):
        @require_user
        def get(self):
            self.render('admin.html')

    class addhandler(basehandler):
        @require_user
        def get(self):
            self.render('add.html')

        @require_user
        def post(self):
            name = self.request.get('name')
            qry = animal.query(animal.name == name).get()
            if not qry:
                new_animal = animal(name=name)
                new_animal.put()
            self.write('ok')

And so on for the other "admin" handlers.

Here's a brute-force way to ensure a user is logged in for every page (except the login page), or it redirects them to the login page:

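    def dispatch(self):
        # Get a session store for this request.
        self.session_store = sessions.get_store(request=self.request)

        # .get() avoids a KeyError when no user is signed in.
        if not self.session.get('username') and self.request.path != '/login':
            return self.redirect('/login')

        try:
            webapp2.RequestHandler.dispatch(self)
        finally:
            self.session_store.save_sessions(self.response)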

A better way is to add this code to the top of every get() and put() routine:

    def get(self):
        # .get() avoids a KeyError when no user is signed in.
        if not self.session.get('username'):
            return self.redirect('/login')

An even better way is to turn that code into a decorator, so all you need to do is add 1 line:

    @require_login
    def get(self):
        ....
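An added example (not code from the original question or answer) of the `require_login` decorator the answer names, run against a constructed stand-in for a webapp2 handler so it works offline. `FakeHandler`, `require_login_no_return`, `LeakyAdd`, `GuardedAdd` and `run` are hypothetical names; the first decorator omits the `return` to show that calling `redirect()` alone does not keep the protected method from running.

```python
import functools

class FakeHandler:                      # constructed stand-in for a webapp2 handler
    def __init__(self, session=None):
        self.session = session or {}
        self.redirected_to = None
        self.added = []                 # stands in for datastore writes

    def redirect(self, uri):
        # Like webapp2's redirect() with its default abort=False: it only
        # records the redirect; it does not stop the calling method.
        self.redirected_to = uri

def require_login_no_return(func):
    @functools.wraps(func)
    def wrapper(self, *args, **kwargs):
        if not self.session.get('username'):
            self.redirect('/login')     # no return: falls through to func
        return func(self, *args, **kwargs)
    return wrapper

def require_login(func):
    @functools.wraps(func)
    def wrapper(self, *args, **kwargs):
        if not self.session.get('username'):
            return self.redirect('/login')   # stop: handler body never runs
        return func(self, *args, **kwargs)
    return wrapper

class LeakyAdd(FakeHandler):
    @require_login_no_return
    def post(self, name):
        self.added.append(name)
        return 'ok'

class GuardedAdd(FakeHandler):
    @require_login
    def post(self, name):
        self.added.append(name)
        return 'ok'

def run(handler_cls, session, name='cat'):
    # Returns (handler result, redirect target, writes performed).
    h = handler_cls(session)
    result = h.post(name)
    return result, h.redirected_to, h.added
```

Calling `run(LeakyAdd, {})` and `run(GuardedAdd, {})` side by side shows the difference: both record a redirect for an anonymous session, but only the guarded handler leaves the write list empty.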
