From: <mic...@ya...> - 2004-06-23 13:08:47
Hi again guys! Thanks for the help, Greg. Now I think it's not a good idea to pass the page name through the request, so I took another approach. I made the RestrictModel as I said...

What is the idea of RestrictModel? If the user is not logged in, I show a login form; otherwise I check whether the user's permission is enough. If the user's permission is not enough, I show an error message; otherwise I show the page the user is trying to get into (RestrictModel in this case). I can create a subclass of the RestrictModel and this servlet will have a login form implemented and will have login validation too. All I have to do is define which user permission is able to access the page...

See the code below; it's coded in Brazilian Portuguese, but I think you can understand:

    # Modelo (the base page class), Usuario (the SQLObject user class) and
    # SQLObjectNotFound come from the application's own modules and from
    # SQLObject; their imports are not shown in this post.
    from WebUtils.Funcs import htmlEncode


    class ModeloRestrito(Modelo):

        def _validarRequest(self):
            login = self.request().value('_login_', None)
            senha = self.request().value('_senha_', None)
            if login is None and senha is None:
                return  # case where no login attempt was made
            if not login:
                self.erro.append('Você precisa especificar um login!')
            if not senha:
                self.erro.append('Você precisa especificar uma senha!')
            if self.erro:
                return
            try:
                usuario = Usuario.byLogin(login)
            except SQLObjectNotFound:
                self.erro.append('O login fornecido não existe!')
                return
            if not usuario.senha == senha:
                self.erro.append('A senha fornecida está incorreta!')
            else:
                self.session().setValue('_userLoggedIn_', usuario.id)

        def doesUserHasPermission(self):
            # True if any of the user's permission levels is accepted by this page
            usuario = Usuario.get(self.userLoggedIn())
            for i in usuario.niveis_permissao:
                if i.id in self.userPermission():
                    return True
            return False

        def userPermission(self):
            # Subclasses override this with the permission ids allowed to see the page
            return [1]

        def writeLoginErrorMessage(self):
            self.writeln('<p class="erro">Você precisa estar logado para acessar esta seção</p>')

        def writePermissionErrorMessage(self):
            self.writeln('<p class="erro">Seu login não dá permissão de acesso a esta seção!</p>')

        def writeLoginForm(self):
            # The submitted login is HTML-encoded before being echoed back into
            # the form, so request data cannot inject markup into the page.
            self.writeln('''\
    <form method="post" action="%s">
    <table>
    <tr>
    <td>Login:</td>
    <td><input type="text" name="_login_" value="%s"></td>
    </tr>
    <tr>
    <td>Senha:</td>
    <td><input type="password" name="_senha_"></td>
    </tr>
    </table>
    <p><input type="submit" value="Enviar Dados"></p>
    </form>''' % (self.__class__.__name__,
                  htmlEncode(self.request().value('_login_', ''))))

        def _writeContent(self):
            if not self.userLoggedIn():
                self.writeLoginErrorMessage()
                self.writeLoginForm()
            else:
                if self.doesUserHasPermission():
                    Modelo._writeContent(self)
                else:
                    self.writePermissionErrorMessage()

The model is too long to be shown here, but it is based on page. I changed some methods, like writeContent (I call _writeContent before), and the _respond method (I call _validarRequest before writeHTML and call validarRequest inside writeHTML)...

If someone wants to see this working: http://www.portaldofornecedor.com.br/cgi-bin/wkcgi/ControleVendas/
The login michel and pass teste can access all pages; the user teste with pass teste can access only the "Pagina Restrita 2"...

Sorry for the long message, and sorry again about the poor English :)

=====
--
Michel Thadeu Sabchuk
Curitiba/PR
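An added example, not part of the original post: a framework-independent sketch of the same login-then-permission flow, storing a salted PBKDF2 hash instead of comparing against a stored password, and returning one message for both an unknown login and a wrong password. The `User` class, the sample accounts, `ITERATIONS` and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this illustration
GENERIC_ERROR = 'Invalid login or password'

def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest) for a password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, ITERATIONS)
    return salt, digest

class User:
    """Hypothetical stand-in for the post's Usuario record."""
    def __init__(self, uid, login, password, levels):
        self.id, self.login, self.levels = uid, login, set(levels)
        self.salt, self.digest = hash_password(password)

# Constructed sample accounts (not the ones mentioned in the post).
USERS = {u.login: u for u in (
    User(1, 'alice', 'correct horse', [1, 2]),
    User(2, 'bob', 'battery staple', [2]),
)}
_DUMMY = hash_password('unused')  # hashed for unknown logins so the work is equal

def validate_login(login, password, session):
    """Counterpart of _validarRequest: return a list of errors, empty on success."""
    if login is None and password is None:
        return []  # no login attempt was made
    if not login or not password:
        return [GENERIC_ERROR]
    user = USERS.get(login)
    salt, expected = (user.salt, user.digest) if user else _DUMMY
    _, candidate = hash_password(password, salt)
    match = hmac.compare_digest(candidate, expected)  # constant-time comparison
    if user is None or not match:  # unknown login fails even if digests match
        return [GENERIC_ERROR]
    session['_userLoggedIn_'] = user.id
    return []

def decide(session, required_levels):
    """Counterpart of _writeContent: 'login', 'forbidden' or 'content'."""
    uid = session.get('_userLoggedIn_')
    user = next((u for u in USERS.values() if u.id == uid), None)
    if user is None:
        return 'login'
    return 'content' if user.levels & set(required_levels) else 'forbidden'
```

`decide(session, [1])` plays the role of a subclass whose `userPermission()` returns `[1]`.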