New in version 1.1.
Action filters
Base filter with a pass-through implementation.
Called after mvc.Application.service has called the actual action.
rsp is the object returned from the actual action.
Should return rsp
Called before mvc.Application.service calls the actual action.
Should return a tuple of (args, kw)
Requires the client to resend the request, passing a one-time valid token as a confirmation.
Used like this:
@expose(filters=filters.confirm)
def delete(self, id, confirmed=False, *args, **kwargs):
item = Item.get_by(id=id)
if confirmed:
item.delete()
return {'msg': 'Item was successfully deleted'}
else:
return {'msg': 'To confirm deletion, make a new request and ' 'include the attached confirm_token'}
Generates a random string which is stored in session with the key “confirm_token” and adds the same string to the response, keyed by “confirm_token”. The client needs to send the same request again with the addition of passing “confirm_token”, as a confirmation. This token will only be valid for one confirmation, thus providing a good protection against accidents.
The action being filtered by these filters receives a boolean kewyword argument named “confirmed”:
- When the value of this argument is True, the client did confirm (client sent a request containing a valid token). In this case, you should perform whatever action needed to be confirmed.
- When the value of “confirmed” is False, the client has not confirmed or tried to confirm with an invalid token. In this case, you should respond with some kind of information, telling the client to send a new request with the attached token.
Note: This filter will force the session to be a dictionary. If session is something else, this filter will replace session:
if not isinstance(req.session, dict):
req.session = {}