aiohttp-security icon indicating copy to clipboard operation
aiohttp-security copied to clipboard
verified publisher icon aio-libs

Why has_permission decorator is being deprecated ?

Open lucasm0ta opened this issue 5 years ago • 1 comments

Checking on the code, the decorator has_permission option is being deprecated in favor of check_permission which has no decorator option. Why? My best guess is is that it should not be the responsibility of the package to implement such feature, but I could not find the documented reason.

lucasm0ta avatar Aug 07 '20 14:08 lucasm0ta

See #169

TL;DR (though it's a short thread): the only difference in practice is that you put the new calls after function definition and not before and it helps with debugging and is better in class-based views.

There is little difference between

@has_permission("read")
async def handler(request):
    (your code)

And

async def handler(request):
    await check_permission(request, "read")
    (your code)

And both do exactly the same thing in the app - raise HTTPForbidden if user is unauthorized

No idea why it wasn't documented anywhere though, since that thread even mentions explaining the reasoning in documentation.

oplik0 avatar Aug 13 '20 14:08 oplik0