Closed lrowe closed 11 years ago
I'm a little worried about the potential for misuse with z3c.form button handlers, for instance:
class A(Form):
@buttonAndHandler(u'Submit')
@protect(CheckAuthenticator, PostOnly)
def handle_submit(self, action):
# Protected
class B(Form):
@protect(CheckAuthenticator, PostOnly)
@buttonAndHandler(u'Submit')
def handle_submit(self, action):
# Unprotected
This second button handler is in unprotected because the @buttonAndHandler()
decorator has already registered the raw function before the @protect
decorator is executed. This will currently raise an error (buttonAndHandler returns the function wrapped as a Handler object which the decorator module barfs at) but we'd want to try and work out if there are other similar potential uses that might not raise an exception.
For the record, the decorator package this branch depends on is BSD licensed: http://pypi.python.org/pypi/decorator
Following suggestion from @davisagli, this makes the protect decorator easier to use with z3c.form.