Google App Engine - Admin Section
I am writing a web application with Google App Engine in Python that enables users to read books. I'd like to enable only administrators to add information about books and the contents of book pages to the website.
When restricting access to certain pages with the app.yaml configuration, such as below, is it necessary that the script associated with the admin pages be different from the script used for pages available to everyone. For instance, is there any problem if the script associated with /admin/.* urls be home.py instead of admin.py?
application: myapp
version: 1
runtime: python
api_version: 1
handlers:
- url: /
script: home.py
- url: /index\.html
script: home.py
- url: /admin/.*
script: admin.py
login: adm开发者_运维技巧in
- url: /.*
script: not_found.py
Thank you,
David
You can also use is_current_user_admin
inside your request-handling code to check programmatically.
You've essentially got two options... one is what you've already got, which is to keep all the admin pages under /admin
and apply blanket security on that path, which is what Adam has done.
The other is to keep the same pages for everyone (say you want to show special functions for the admins, like edit buttons or moderation tools) and like Adam already said, and use the is_current_user_admin()
function to determine what to show and do for the admins.
精彩评论