advice about `correct' use of decorator
Laszlo Nagy
gandalf at shopzeus.com
Fri Aug 17 08:13:47 EDT 2007
>>
>> Are you developing a website or a GUI program?
>>
>>
> It will be used in a web development. It is an important point?
Yes, I think. Unless you use AJAX. :-) Most web sites work this way:
user clicks -> request to server -> process on server -> response
I would rather enclose the whole handler in try/except and raise a
custom PermissionDenied exception when the user has inscuficient
permissions. There are problems with a decorator used for authorization.
The context needs to be determined. E.g. which user is accessing the
method? (It can be hard to tell if the method is part of a thread object
that lies in a thread pool and is shared between simultaneous
clients...) Also it might be that the method's purpose is to change
objects of the same class, and the user has permission to modify one
object but not the other. In this case, authorization must be done
inside the function call... How do you express this with a decorator?
These are just ideas. You should analyze your problem and make your
decision. If you only want to restrict access to functions, then
probably using decorators is perfect.
Best,
Laszlo
More information about the Python-list
mailing list