The @expose_page() decorator exposes the decorated method, providing authentication, SSO verification, and CSRF protection. The @expose_page() decorator is often used with the @route() decorator.
Note: Any controller method exposed to the user should use the @expose_page() decorator. Very few methods should ever be exposed without authentication.
@expose_page(must_login, handle_api, methods, verify_session, verify_sso, trim_spaces)
|
must_login |
Boolean |
Login requirement control: True = (Default) Must be logged in to expose page. False = Login not required. |
|
handle_api |
Boolean, Constant |
API handler control: True = Requests beginning with /api are sent to the handler. False = (Default) All requests are sent to the handler.
ONLY_API = Only requests beginning with /api are sent to the handler. |
|
methods |
String |
Comma-separated list of method names s to apply the decorator to. Default = None . |
|
verify_session |
Boolean |
POST verification control: True = (Default) POSTs are verified to prevent CSRF. False = POSTs are not verified. |
|
verify_sso |
Boolean |
SSO IP address verification control: True = (Default) In SSO mode, verify the SSO IP address. False = Not in SSO mode, do not verify the SSO IP address. |
|
trim_spaces |
Boolean |
Keyword and value trim spaces control: True = Trim spaces from keywords and values. False = (Default) Do not trim spaces from keywords and values. |
@route('/:namespace/:action=fields')
@expose_page(must_login=True, handle_api=True, methods=['GET', 'POST'])
def fields(self, namespace, action, operation=None, **kwargs):
return self.render_admin_template('admin/fields.html', {
'namespace' : namespace,
'breadcrumbs' : self.generateBreadcrumbs(namespace, 'fields'),
})