Python for Entrepreneurs Transcripts
Chapter: Build web apps with Pyramid: Applied web development
Lecture: Plugging leaky actions demo
0:01 So as you can tell, I am very bullish on this idea
0:04 of handlers and controllers in Pyramid
0:06 and I think it really makes organizing and extending your code,
0:09 your website, much, much easier.
0:12 There is one little gotcha I want to make sure you are aware of,
0:15 and give you a real quick fix for.
0:17 So notice in this controller I've added a new method
0:19 called dont_expose_as_web_action
0:21 These three methods are meant to be called at /home/index
0:25 or /home/about and so on, but maybe this is like an internal function,
0:29 and this is really meant to be used by these other things possibly conditionally,
0:34 like this is "create a new user" and it passes some data or something like that,
0:38 so it turns out that if we don't take a small step,
0:41 this method also becomes callable
0:45 with the way we've set things up. Let me show you.
0:48 So if I come over here and notice it's printing "called don't expose",
0:53 even though you are going to see a crash in the browser,
0:55 if I go over here and I put this method name up here,
0:58 dont_expose_as_web_action, it crashes, because it doesn't return
1:01 what is required for the page, but whatever it did was executed on the server,
1:07 and if it's executed on the server, this does things like
1:10 alter your database or change permissions or other things like that,
1:14 you probably don't want it to be executable.
1:16 Also, this follows the inheritance hierarchy as you can imagine,
1:20 there is also, on the base controller, a dont_expose_as_web_action_base I've added,
1:24 if I go over here and I do this again with _base,
1:29 I get the same error, and you can bet if I scrolled down, here you go,
1:32 "called on the base". So how do we deal with this?
1:35 It turns out there are a couple of options and it's really quite easy,
1:39 we just need to be aware of them mostly.
1:40 So what I have done is I have written a decorator that we can add to these methods
1:45 to say "these are not the web methods you are looking for",
1:48 so we'll say "import blue_yellow..." say like this,
1:51 "from" and I've written a decorator called "suppress"
1:55 so if I go down here and I say at @suppress on this.
2:00 And let me just go ahead and do the same thing for the other methods,
2:03 so we get it all done at once
2:05 now if we try those again, let's go over here and try the one,
2:11 you can see on the screen in the background, home controller, and we hit it,
2:14 we no longer get mismatch of model type or something like that,
2:18 we get 404 Not Found and you can see there was no processing on the server,
2:22 again we try it for the base, which also has this suppress decorator, 404,
2:26 but things like our about page work perfect,
2:29 OK, so what's the suppress thing about?
2:32 Suppress is just a really simple decorator that I wrote, and it just has a little trick,
2:36 so what it does is it comes along and it says
2:39 OK we are going to be like any other action that Pyramid might go look for,
2:43 but instead of doing whatever action decorator does,
2:48 we are going to say "look, the request method that we are looking for"
2:52 remember, you can specify the request method
2:54 that is a match for this particular action,
2:57 we are going to say "the request method that is a match for this one
3:00 is not an HTTP verb", so normally this is POST, GET, PUT, DELETE, etc., and a few other ones.
3:07 Not an HTTP verb, it is not something the browser is going to send,
3:11 you can put a random GUID there, just something that is not GET, POST
3:15 and that will mean there is going to be no match, regardless of how the URL routing gets setup.
3:20 So very simple fix to make sure that there are certain methods that you don't expose,
3:24 now on some web apps I realize this just doesn't matter,
3:27 people poking around, it's not going to make a difference
3:30 but I do want to point out that this could be a problem,
3:32 in certain circumstances and there is a super simple fix for it.