Writing a CherryPy Decorator for Authorization

Question

I have a cherrypy application and on some of the views I want to start only allowing certain users to view them, and sending anyone else to an authorization required page.

Answer 1

You really don't want to be writing custom decorators for CherryPy. Instead, you want to write a new Tool:

def myauth(allowed_groups=None, debug=False):
    # Do your auth here...
    authlib.auth(...)
cherrypy.tools.myauth = cherrypy.Tool("on_start_resource", myauth)

See http://docs.cherrypy.org/en/latest/extend.html#tools for more discussion. This has several benefits over writing a custom decorator:

1. You get the decorator for free from the Tool: @cherrypy.tools.myauth(allowed_groups=['me']), and it already knows how to not clobber cherrypy.exposed on the same function.
2. You can apply Tools either per-handler (with the decorator), per-controller-tree (via _cp_config) or per-URI-tree (in config files or dicts). You can even mix them and provide a base feature via decorators and then override their behavior in config files.
3. If a config file turns your feature off, you don't pay the performance penalty of calling the decorator function just to see if it's off.
4. You'll remember to add a 'debug' arg like all the builtin Tools have. ;)
5. Your feature can run earlier (or later, if that's what you need) than a custom decorator can, by selecting a different "point".
6. Your feature can run at multiple hook points, if needed.