How does tornado stop current request handler?

Question

There a some subclass inheritance ManageHandler, and each sub class need to do private check. So, I write private_auth and let it to do the private che

Answer 1

Tornado isn't designed to do authentication and other operations in RequestHandler.__init__. That's why you get an exception when you call self.finish from __init__: the RequestHandler isn't ready to run finish yet.

Instead, override get_current_user(). The basic instructions are here:

http://tornado.readthedocs.org/en/latest/web.html#tornado.web.RequestHandler.get_current_user

And an example is here:

http://technobeans.wordpress.com/2012/08/14/tornado-authentication/

In your get_current_user(), don't set self.user and self.private, just return a tuple. Something like this:

def get_current_user(self):
    private = -1
    user = self.get_secure_cookie("user")
    if user:
        private = self.UserModel.get_user_level_by_name(self.user)

    return (user, private) if private == 4 else None

Tornado will handle the rest. In your get() method, the current (user, private) tuple will be set in self.current_user.