From Authorisation — Anvil Extras documentation
@anvil.server.callable
@authentication_required
def sensitive_server_function():
    do_stuff()
This is great, but I feel like this should be baked into anvil by default with the option to opt out of requiring authentication.
For most professional apps I’m going to build, I want the backend server functions to require authentication, with authentication opt-out decorators. So the above code would look like this, with the Authentication Service turned ON:
@anvil.server.callable
def sensitive_server_function():
    do_stuff()
The @authentication_required decorator is not required, but provides the same functionality as if it were explicitly provided.
The way the opt-out decorators would look with the Authentication Service turned ON would be something like:
@anvil.server.callable
@authentication_not_required
def non_sensitive_server_function():
    do_stuff()
Not sure if this checks all of the needs you’re looking for…BUT anvil.server.callable has an argument that can be toggled on.
I use the following statement.
authenticated_callable = anvil.server.callable(require_user=True)
You could set it to some flag that is toggled by some method.
See related docs
3 Likes
For apps which use the Users service, it makes sense to default to authentication ON.
For apps which don’t? To me, the sensible default in that case would be OFF.
2 Likes
To be safe, you could even remove the import anvil.server line from the top of your server modules and instead only from .utils import authenticated_callable (after putting it in a separate, custom utils module). You could even name it callable (that is, treat authenticated as the default) and have a separate unauthenticated_callable decorator.
p.s. If you wanted to combine anvil.server.callable with the more advanced functionality of the anvil_extras Authorisation module, you could create a new decorator that combines the two decorators like this: Can I combine two decorators into a single one in Python? - Stack Overflow
2 Likes
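The utils-module idea from the last post, as an added example that is not code from the thread or from Anvil: every function requires a logged-in user unless it opts out by name, and the opt-outs can be listed for review. `_server_callable`, `REGISTRY`, `call` and `public_endpoints` are hypothetical stand-ins so the block runs without Anvil; in an app, `_server_callable` would be `anvil.server.callable`.

```python
import functools

_current_user = None  # stand-in for the session's logged-in user
REGISTRY = {}         # function name -> {"fn": wrapper, "public": bool}

class AuthenticationError(Exception):
    """An anonymous caller reached a function that requires a user."""

def _server_callable(require_user=False):
    """Offline stand-in (assumption) for anvil.server.callable(require_user=...)."""
    def decorator(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            if require_user and _current_user is None:
                raise AuthenticationError(f"{fn.__name__}: login required")
            return fn(*args, **kwargs)
        REGISTRY[fn.__name__] = {"fn": wrapper, "public": not require_user}
        return wrapper
    return decorator

# The default: import this one "as callable" in server modules if you like.
authenticated_callable = _server_callable(require_user=True)
# The opt-out has a long, greppable name so public endpoints stand out in review.
unauthenticated_callable = _server_callable(require_user=False)

def public_endpoints():
    """Names of every function reachable without logging in."""
    return sorted(name for name, e in REGISTRY.items() if e["public"])

def call(name, user=None, *args, **kwargs):
    """Simulate a client call made as `user` (None means anonymous)."""
    global _current_user
    _current_user = user
    try:
        return REGISTRY[name]["fn"](*args, **kwargs)
    finally:
        _current_user = None

@authenticated_callable
def sensitive_server_function():
    return "secret"

@unauthenticated_callable
def non_sensitive_server_function():
    return "hello"

if __name__ == "__main__":
    print("public:", public_endpoints())
    print(call("non_sensitive_server_function"))
    print(call("sensitive_server_function", user={"email": "a@example.com"}))
```

Comparing `public_endpoints()` against a short, reviewed allowlist in a test catches a function that was exposed without authentication by accident.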