Python for Entrepreneurs Transcripts
Chapter: Build web apps with Pyramid: Applied web development
Lecture: Concept: Plugging leaky actions
0:02 These controllers through Pyramid handlers are awesome,
0:05 and they really make working with your code and organizing it super easy,
0:10 but one of the challenges you run into in this nice and easy routing that we've set up,
0:14 this pattern matching we've set up, is that methods
0:18 that are not necessarily intended to be public
0:20 can become externally callable via some URL.
0:25 So in this example we've got something that is meant to be mapped to your URL,
0:29 the index, and you can see it checks and says if there is no data,
0:32 we are going to reset the data and then we are going to do something else.
0:35 Now maybe that reset data has consequences
0:37 you don't want people to be able to mess with,
0:40 and because we've written good, small organized code, we have this broken
0:46 into different functions, and things like that, but because it is a function,
0:49 on a controller class, it is executable by default.
0:53 We probably don't want that,
0:54 so imagine what we would get if we went to /server/home/reset_data.
1:00 Maybe it's fine, but maybe it's not, and if it's not, what do you do about it?
1:03 Well, you saw that we can create this suppress decorator,
1:06 it's also an action decorator, it just happens to change
1:09 the target request method in HTTP.
1:12 So basically we tell Pyramid handlers "look, this function should only be called
1:16 if the browser sends not an HTTP verb-type request, instead of GET, POST" and so on,
1:23 let me just put that @suppress onto the various methods
1:27 we want to basically make inaccessible by using the invalid HTTP verb.
1:31 Now we can safely put these methods on our controller classes
1:34 and we won't be concerned about them possibly getting called inappropriately.