Python for Entrepreneurs Transcripts
Chapter: Build web apps with Pyramid: Applied web development
Lecture: Plugging leaky actions demo

0:01 So as you can tell, I am very bullish on this idea of handlers and controllers in Pyramid
0:07 and I think it really makes organizing and extending your code, your website much much easier.
0:13 There is one little gotcha I want to make you aware of, and give you a real quick fix for. So notice in this controller I've added a new method
0:20 called dont_expose_as_web_action. These three methods are meant to be called at /home/index
0:26 or /home/about and so on, but maybe this is like an internal function,
0:30 and this is really meant to be used by these other things possibly conditionally,
0:35 like this is "create a new user" and it passes some data or something like that, so it turns out that if we don't take a small step,
0:42 this method also becomes callable, with the way we've set things up, let me show you.
0:49 So if I come over here and notice it's printing called don't expose, even though you are going to see a crash in the browser,
0:56 if I go over here and I put this method name up here, dont_expose_as_web_action, it crashes, because it doesn't return
1:02 what is required for the page, but whatever it did, was executed on the server, and if it's executed on the server, this does things like
1:11 alter your database or changes permissions or other things like that, you probably don't want it to be executable.
1:17 Also, this follows the inheritance hierarchy as you can imagine, there is also on the base controller, I've added a dont_expose_as_web_action_base,
1:25 if I go over here and I do this again _base, I get the same error and you can bet if I scrolled down, here you go,
1:33 called on the base, so how do we deal with this? It turns out there are a couple of options and it's really quite easy,
1:40 we just need to be aware of them mostly. So what I have done is I have written a decorator that we can add to these methods
1:46 to say "these are not the web methods you are looking for", so we'll say "import blue_yellow..." say like this,
1:52 "from" and I've written a decorator called "suppress" so if I go down here and I say @suppress on this.
2:01 And let me just go ahead and do the same thing for the other methods, so we get it all done at once
2:06 now if we try those again, let's go over here and try the one, you can see on the screen on the background, home controller and we hit it,
2:15 we no longer get mismatch of model type or something like that, we get 404 not found and you can see there was no processing on the server,
2:23 again we try it for the base, which also has this suppress decorator, 404, but things like our about page work perfect,
2:30 OK, so what's the suppress thing about? Suppress is just a really simple decorator that I wrote, and it just has a little trick,
2:37 so what it does is it comes along and it says OK we are going to be like any other action that Pyramid might go look for,
2:44 but instead of doing whatever action decorator does, we are going to say "look, the request method that we are looking for"
2:53 remember, you can specify the request method that is a match for this particular action,
2:58 we are going to say "the request method that is a match for this one
3:01 is not an HTTP verb", so normally this is post, get, put, delete, etc, a few other ones.
3:08 Not an HTTP verb, it is not something the browser is going to send, you can put a random GUID there, just something that is not get, post
3:16 and that will mean there is going to be no match, regardless of how the URL routing gets set up.
3:21 So very simple fix to make sure that there are certain methods that you don't expose, now on some web apps I realize this just doesn't matter,
3:28 people poking around, it's not going to make a difference but I do want to point out that this could be a problem,
3:33 in certain circumstances and there is a super simple fix for it.

