`ProjectAdminRestController._check_security` checks for `read` so that the export status check doesn't have to be authenticated. But, I guess if the script that queued the export is already authenticated, re-using the auth for the status check isn't a big deal.
I noticed the body of the 403 page but I have no idea how that's happening, as I'm just raising a standard `HTTPForbidden` exception. Maybe I should return None like the other parts of that method do, but that just allows *anon access with no error indicating that the auth failed (unless *anon is disallowed later on). The `name=request_token.name` was a part of a rolled-back change, and should have been removed. --- ** [tickets:#6692] Exports should be scriptable** **Status:** in-progress **Labels:** export **Created:** Fri Sep 20, 2013 05:43 PM UTC by Dave Brondsema **Last Updated:** Fri Oct 04, 2013 05:41 PM UTC **Owner:** Cory Johns Currently difficulties in project exports are: * requires a manual form submission * email is used to notify when ready * resulting filename is non-deterministic It should be possible to automate a project export with a script, with minimal difficulty. --- Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
