I am getting my feet wet working with the Pyramid framework (great framework), and I've come to the point of user authorization. I want to take advantage of the ACL to block users who are already logged in from visiting the registration page. Obviously, I could do this other ways, but I was wondering if there was any way to do this using tools in Pyramid.
I know that by adding permissions to a view, users who do not meet the criteria are shown a forbidden view. In my case, I simply want to reroute users who are already members away from views that don't apply to them (registration, login, etc.).
I've tried __acl__ = [(Deny, Authenticated, 'guest')] to no avail, as it blocks the login page for all users.
Also, somewhat on another note, is there any way to dynamically change a route? I want the home page to be different for users who are logged in than it is for guests.
You'll want to investigate the principals that are being returned by your authentication policy to understand what's going on. It's easy to tell if you turn on pyramid.debug_authorization in your INI file. The authorization policy will compare the ACL found against the principals returned via pyramid.security.effective_principals(request). If these do not match up, it should be clear what is going on.
The way to implement a form-based login would be (assuming Pyramid 1.3a9+):
That will add the came_from parameter to the URL as request.GET['came_from'] in your login view. Of course if that isn't there you can just redirect them to the home screen after logging in.
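Why the ACL from the question blocks every visitor, as an added example (not part of the original posts and not Pyramid's own code): a simplified model of a first-match, default-deny comparison of ACL entries against a request's effective principals. The function names and the user id alice are constructed for illustration, and only single-string permissions are modelled.

```python
# Simplified model of a first-match, default-deny ACL check (constructed for
# illustration; this is not Pyramid's implementation).
ALLOW, DENY = "Allow", "Deny"
EVERYONE = "system.Everyone"
AUTHENTICATED = "system.Authenticated"


def effective_principals(userid=None):
    """Principals for a request: every request gets EVERYONE; logged-in
    users also get AUTHENTICATED and their own userid."""
    principals = [EVERYONE]
    if userid is not None:
        principals += [AUTHENTICATED, userid]
    return principals


def permits(acl, principals, permission):
    """Return (allowed, matching_ace). The first ACE whose principal and
    permission both match decides; if none match, the result is deny."""
    for ace in acl:
        action, principal, ace_permission = ace
        if principal in principals and ace_permission == permission:
            return action == ALLOW, ace
    return False, None  # default deny: no ACE matched


# ACL from the question: it contains only a Deny entry, so nobody is allowed.
QUESTION_ACL = [(DENY, AUTHENTICATED, "guest")]

# Deny logged-in users first, then allow everyone else.
GUEST_ONLY_ACL = [(DENY, AUTHENTICATED, "guest"), (ALLOW, EVERYONE, "guest")]


def report(acl):
    """Map 'anonymous'/'logged-in' to the (allowed, matching_ace) result."""
    return {
        "anonymous": permits(acl, effective_principals(), "guest"),
        "logged-in": permits(acl, effective_principals("alice"), "guest"),
    }


if __name__ == "__main__":
    for name, acl in (("question", QUESTION_ACL), ("guest-only", GUEST_ONLY_ACL)):
        for who, (allowed, ace) in report(acl).items():
            print(f"{name:10} {who:10} allowed={allowed} matched={ace}")
```

With the question's ACL the anonymous request matches no entry and falls through to the default deny, which is why the login page is forbidden for all users; the ordering in GUEST_ONLY_ACL matters because the first matching entry wins.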