Authentication & Authorization #262

ralixit · 2022-01-26T13:31:47Z

ralixit
Jan 26, 2022

I'm tackling the anvil_extras piece, especially authentication & authorization, And I am having trouble with it.

Using the authentication, I could only get it to work by passing in the function name into the decorator; as far as authorizing 🙄
Is passing in the ( func ) needed?

Answered by rhurlbatt

Feb 16, 2022

I have been using this module with great results.

As per the docs , you do not need to pass the function name to the decorator, simply decorate the function as per below.

@anvil.server.callable
@authentication_required
def sensitive_server_function():
  do_stuff()

For the @authorisation_required decorator, you must have followed the instructions below and have the necessary roles and permissions tables set up and linked correctly. Then decorate the function with the appropriate 'role' string (can_edit_sensitive_thing).

@anvil.server.callable
@authorisation_required("can_edit_sensitive_thing")
def sensitive_server_function():
  do_stuff()

Have you done this?
Can you provide a clone link …

View full answer

rhurlbatt · 2022-02-16T14:30:49Z

rhurlbatt
Feb 16, 2022

I have been using this module with great results.

As per the docs , you do not need to pass the function name to the decorator, simply decorate the function as per below.

@anvil.server.callable
@authentication_required
def sensitive_server_function():
  do_stuff()

For the @authorisation_required decorator, you must have followed the instructions below and have the necessary roles and permissions tables set up and linked correctly. Then decorate the function with the appropriate 'role' string (can_edit_sensitive_thing).

@anvil.server.callable
@authorisation_required("can_edit_sensitive_thing")
def sensitive_server_function():
  do_stuff()

Have you done this?
Can you provide a clone link or sample code?

1 reply

antletem Mar 30, 2022

How do you handle the error's raised by the authorization_required decorator?

I've been able to handle it the following way:

@authenticated_callable
def sensitive_server_function_wrapper(_id=None):
  try:
    return sensitive_server_function(_id=_id)
  except ValueError as e:
    print(f'Exception: {e}')
    return str(e)

@authorisation_required("permission")
def sensitive_server_function():
   """do stuff here"""

But I feel like it is not the best way to get the error on the client side to display to the user.

meatballs · 2022-03-30T16:12:37Z

meatballs
Mar 30, 2022
Maintainer

There's a relevant discussion on catching server errors in the client at https://anvil.works/forum/t/handling-exception-coming-from-the-server-uplink-modules/1400

TLDR; you need to use except Exception rather than except ValueError

Here's an MWE showing how it works: https://anvil.works/build#clone:77KWIM3RW5US2EIM=2CFATCCNWQQT5TNL7PHQADEY

3 replies

antletem Mar 30, 2022

Thank you!

meatballs Mar 30, 2022
Maintainer

No problem. If that's fixed it for you, please mark this as answered and start a new topic here for anything else.

antletem Mar 30, 2022

It worked! Looked like you already marked the original answer. Thanks!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Authentication & Authorization #262

{{title}}

Replies: 2 comments 4 replies

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

{{title}}

Select a reply

Authentication & Authorization #262

ralixit Jan 26, 2022

Replies: 2 comments · 4 replies

rhurlbatt Feb 16, 2022

antletem Mar 30, 2022

meatballs Mar 30, 2022 Maintainer

antletem Mar 30, 2022

meatballs Mar 30, 2022 Maintainer

antletem Mar 30, 2022

ralixit
Jan 26, 2022

Replies: 2 comments 4 replies

rhurlbatt
Feb 16, 2022

meatballs
Mar 30, 2022
Maintainer

meatballs Mar 30, 2022
Maintainer