RE: [Webware-discuss] How to know the previous page?

[<mic...@ya...>]

Hi again guys!

thanks for help Greg.

Now I think it´s not a good idea to pass the page name throught
request, so I done another approach. I made the RestrictModel as I
said...

What is the idea of RestrictModel. If the user is not logged in, I show
a login form, else I check if the user permission is enough, if the
user permission is not enough I show a error message, else, I show the
page the user is trying to get in (RestrictModel in this case).

I can create a subclass of the restrictModel and this servlet will have
a login form implemented and will have a login validation too. All I
have to do is to define which user permission is able to access the
page...

See the code above, it´s coded using brazilian portuguese, but I think
you can understand:

class ModeloRestrito(Modelo):
  def _validarRequest(self):
    login=self.request().value('_login_', None)
    senha=self.request().value('_senha_', None)
    if login is None and senha is None:
      return # caso em que não tentei fazer login
    if not login:
      self.erro.append('Você precisa especificar um login!')
    if not senha:
      self.erro.append('Você precisa especificar uma senha!')
    if self.erro:
      return
    try:
      usuario=Usuario.byLogin(login)
    except SQLObjectNotFound:
      self.erro.append('O login fornecido não existe!')
      return
    if not usuario.senha==senha:
      self.erro.append('A senha fornecida está incorreta!')
    else:
      self.session().setValue('_userLoggedIn_', usuario.id)

  def doesUserHasPermission(self):
    usuario=Usuario.get(self.userLoggedIn())
    for i in usuario.niveis_permissao:
      if i.id in self.userPermission():
        return True
    return False

  def userPermission(self):
    return [1]

  def writeLoginErrorMessage(self):
    self.writeln('<p class="erro">Você precisa estar logado para
acessar esta seção</p>')

  def writePermissionErrorMessage(self):
    self.writeln('<p class="erro">Seu login não dá permissão de acesso
a esta seção!</p>')

  def writeLoginForm(self):
    self.writeln('''\
<form method="post" action="%s">
<table>
<tr>
  <td>Login:</td>
  <td><input type="text" name="_login_" value="%s"></td>
</tr>
<tr>
  <td>Senha:</td>
  <td><input type="password" name="_senha_"></td>
</tr>
</table>
<p><input type="submit" value="Enviar Dados"></p>
</form>''' % (self.__class__.__name__, self.request().value('_login_',
'')))

  def _writeContent(self):
    if not self.userLoggedIn():
      self.writeLoginErrorMessage()
      self.writeLoginForm()
    else:
      if self.doesUserHasPermission():
        Modelo._writeContent(self)
      else:
        self.writePermissionErrorMessage()

The model is too long to be shown here, but it is based on page, I
change some methods like writeContent( I call _writeContent before),
and the _respond method (I call _validarRequest before writeHTML and
call validarRequest inside writeHTML)...

If someone wanna see this working:
http://www.portaldofornecedor.com.br/cgi-bin/wkcgi/ControleVendas/

the login michel and pass teste can acess all pages, the user teste
with pass teste can acess only the "Pagina Restrita 2"...

Sorry the big message, and sorry again about the poor english :)

=====
--
Michel Thadeu Sabchuk
Curitiba/PR

______________________________________________________________________

Yahoo! Mail - agora com 100MB de espaço, anti-spam e antivírus grátis!
http://br.info.mail.yahoo.com/