Hi,

In pyramid-1.0a7, I noticed something that could be a permission
misfeature with how add_route/view_config interact --

Sole add_route protects the view --

<__init__.py>
config.add_route('account', '/account',
                            renderer='templates/account.genshi',
                            view='myapp.views.account.account_view',
                            view_permission='view')
</__init__.py>

so does this --

<__init__.py>
config.add_route('account', '/account')
config.scan()
</__init__.py>

<account.py>
@view_config(route_name='account',
             renderer='templates/account.genshi',
             permission='view')
def account_view(request):
    ...
</account.py>

But with the following combination, the view is not protected --

<__init__.py>
config.add_route('account', '/account', view_permission='view')
config.scan()
</__init__.py>

<account.py>
@view_config(route_name='account', renderer='templates/account.genshi')
def account_view(request):
    ...
</account.py>

If this is not considered a bug, maybe stating it explicitly in the
documentation could save others some time.

Thanks.

Jerry
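
A static check for the third combination in the message above, as an added example (not code from the post or from Pyramid): it parses source with Python's `ast` module and reports `@view_config` views that carry no `permission=` while their route was registered with `view_permission=` but no `view=`. The function names and sample sources are constructed for illustration.

```python
import ast

def _kwargs(call):
    """Keyword name -> literal value (None when the value is not a literal)."""
    return {k.arg: k.value.value if isinstance(k.value, ast.Constant) else None
            for k in call.keywords if k.arg}

def _callee(call):
    """Trailing name of the call target: config.add_route -> 'add_route'."""
    return getattr(call.func, "attr", None) or getattr(call.func, "id", None)

def find_unprotected_views(config_src, views_src):
    """Names of views matching the combination the post reports as unprotected:
    add_route(..., view_permission=...) with no view=, and a scanned
    @view_config for that route that carries no permission=."""
    routes = set()
    for node in ast.walk(ast.parse(config_src)):
        if isinstance(node, ast.Call) and _callee(node) == "add_route":
            kw = _kwargs(node)
            name = getattr(node.args[0], "value", None) if node.args else None
            if isinstance(name, str) and "view_permission" in kw and "view" not in kw:
                routes.add(name)
    flagged = []
    for node in ast.walk(ast.parse(views_src)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            for dec in node.decorator_list:
                if isinstance(dec, ast.Call) and _callee(dec) == "view_config":
                    kw = _kwargs(dec)
                    if kw.get("route_name") in routes and "permission" not in kw:
                        flagged.append(node.name)
    return flagged

# Constructed samples mirroring the configurations in the post.
ROUTE_WITH_VIEW = ("config.add_route('account', '/account',\n"
                   "    view='myapp.views.account.account_view',\n"
                   "    view_permission='view')\n")
ROUTE_PLAIN = "config.add_route('account', '/account')\nconfig.scan()\n"
ROUTE_PERM_ONLY = ("config.add_route('account', '/account',"
                   " view_permission='view')\nconfig.scan()\n")
VIEW_WITH_PERM = ("@view_config(route_name='account', permission='view')\n"
                  "def account_view(request):\n    return {}\n")
VIEW_NO_PERM = ("@view_config(route_name='account')\n"
                "def account_view(request):\n    return {}\n")

if __name__ == "__main__":
    print(find_unprotected_views(ROUTE_PERM_ONLY, VIEW_NO_PERM))
```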
