Restrictive routing best practices for Google App Engine with python?
Posted
by
Aleksandr Makov
on Programmers
See other posts from Programmers
or by Aleksandr Makov
Published on 2013-06-28T13:45:21Z
Indexed on
2013/06/28
16:29 UTC
Read the original article
Hit count: 255
Say I have a simple structure:
app = webapp2.WSGIApplication([
(r'/', 'pages.login'),
(r'/profile', 'pages.profile'),
(r'/dashboard', 'pages.dash'),
], debug=True)
Basically all pages require authentication except for the login. If visitor tries to reach a restrictive page and he isn't authorized (or lacks privileges) then he gets redirected to the login view.
The question is about the routing design. Should I check the auth and ACL privs in each of the modules (pages.profile
and pages.dash
from example above), or just pass all requests through the single routing mechanism:
app = webapp2.WSGIApplication([
(r'/', 'pages.login'),
(r'/.+', 'router')
], debug=True)
I'm still quite new to the GAE, but my app requires authentication as well as ACL. I'm aware that there's login
directive on the server config level, but I don't know how it works and how I can tight it with my ACL logic and what's worse I cannot estimate time needed to get it running. Besides, it looks only to provide only 2 user groups: admin
and user
.
In any case, that's the configuration I use:
handlers:
- url: /favicon.ico
static_files: static/favicon.ico
upload: static/favicon.ico
- url: /static/*
static_dir: static
- url: .*
script: main.app
secure: always
Or I miss something here and ACL can be set in the config file? Thanks.
© Programmers or respective owner