Adding a CMS to Your Pyramid Web App Transcripts
Chapter: Redirects and the admin section
Lecture: Cleaner permission checks
0:00 If you look at this code, it looks pretty decent, right? We've got our index method and we're validating the user, and we've got this.
0:07 Now it turns out that this is going to require checking permissions in many different places.
0:14 And I want to just show you a slightly better way we can write this. If you prefer this over what I'm about to show you, just leave it. It works great.
0:21 But what I would like to do is I would like to take the validation out of the function here,
0:27 and I would like to put some kind of decorator like, say, 'permissions.admin' or something like that,
0:33 and put this up there and say: this entire function always, always, always requires that the user is an admin, and put it up here like this.
0:41 To me, it's a little easier to check the permissions are set this way, and you know this won't be here anymore. This will just be gone.
0:47 I would just write the regular code, and because this decorator is up here, it's going to do the check.
0:52 Turns out that that's pretty straightforward to write. Let's go over here and create a new file called permissions. Write a function called admin.
1:02 Now, decorators are weird if you haven't written them before. So what we have to pass in is a view function.
1:10 We're gonna pass that in, and then what we're gonna do is create another function that adds some behavior, then calls this view function, and return that.
1:18 So it's kind of an inline replacement of functions. This function that we're going to write,
1:26 this checker method, I don't know what you would call it, checker function, it's going to have the same signature as the view function.
1:33 Look over here, that is, it's going to take a request just like this. And we can make this explicit or not; mostly this is just for us to remember.
1:46 So in here we're going to return the value of calling the view function, passing the request. Let's write this really quick, like so.
1:57 Then the goal of this, this decorator here, this admin thing, is to just pass back the function that's going to be called, not call it.
2:05 Okay, so it passes it back, then Pyramid is gonna call this function, which is going to do some validation and then call this view.
2:13 So this is where we add our validation. We're gonna need to check the user, and again,
2:15 using that view model that knows how to do all that magic is probably the easiest.
2:19 So I'm gonna say view model base, do our double Control-Space to get the magic happening. Pass the request over.
2:26 And we'll say 'if not vm.user or not vm.user.is_admin'. Then we're gonna do the same thing.
2:34 We're gonna raise an HTTP forbidden like this, import that, and we could give it a message like 'you must be an admin'.
2:49 Something like that: 'You must be an admin to access the section.' And actually, this should work.
2:54 So we can come over here, hide that away. We have to import this there; other than that, we should be golden, actually.
3:01 So we're gonna go up here, put this decorator on here,
3:04 it's gonna take this function and replace it with this outer function that does the validation plus calling itself.
3:10 Let's give it a shot, we come over here. We have our admin section there and notice the admin thing here as well.
3:18 Here's a regular page, still working. Here's an admin page, allowing it. Why? Because my user is an admin. Let's go see.
3:27 Here we go. We already got that open. Let's go make me not an admin.
3:31 Push that to the database. Now, if I hit refresh, it should check, and I'm no longer a user.
3:35 Well, first let's see over here that my admin permission went away. See it? It's gone from here. If I refresh this, it should not let me in.
3:43 And just like before, it doesn't. As many times as I want. No, no, no, you don't get to go in unless you're an admin.
3:50 Leave that to the database. Try one more time. Hey, look, I'm an admin, I'm in.
3:54 So this is this alternate model that I'm going to use for all the things that require admin access.
3:58 Or you could extend this for whatever other types of checks you want, but if it requires admin access,
4:03 I'm gonna put this decorator on it rather than doing it throughout the rest of our CMS admin section.