Subsections

14. How to make hidden masks or views

14.1 Introduction

Masks and views usually correspond to URLs. For instance, if one writes the following code:
CherryClass CommonMasks:
mask:
    def redLabel(self, label):
        <b><font color=red py-eval="label"></font></b>
CherryClass Root:
mask:
    def index(self):
        <html><body>
            Hello, <py-eval="commonMasks.redLabel('world')">
        </body></html>
The URL http://localhost:8000 will correspond to root.index.

That's fine, but this also means that if someone artificially types the URL http://localhost:8000/commonMasks/redLabel?label=IHateCherryPy, they will get the result of the redLabel mask.

In this case, it's not a very big deal because the redLabel mask doesn't do anything important, but in some cases this might be a problem. That's why hidden masks and views were included in CherryPy-0.8.

14.2 How it works

All you have to do is add the keyword hidden after the definition of the mask or view, and before the colon. In our example, one could write:
CherryClass CommonMasks:
mask:
    def redLabel(self, label) hidden:
        <b><font color=red py-eval="label"></font></b>
CherryClass Root:
mask:
    def index(self):
        <html><body>
            Hello, <py-eval="commonMasks.redLabel('world')">
        </body></html>

All this means is that the redLabel mask can no longer be accessed directly from the browser. But it can be called from another mask or view.

It is also possible to declare that an entire CherryClass is hidden, like this:

CherryClass CommonMasks hidden:
mask:
    def redLabel(self, label):
        <b><font color=red py-eval="label"></font></b>
CherryClass Root:
mask:
    def index(self):
        <html><body>
            Hello, <py-eval="commonMasks.redLabel('world')">
        </body></html>
In this case, all masks and views of CommonMasks will be hidden.

See About this document... for information on suggesting changes.