On Fri, 2010-12-24 at 22:15 -0800, jerry wrote:
> But with the following combination, the view is not protected --
> 
> <__init__.py>
> config.add_route('account', '/account', view_permission='view')
> config.scan()
> </__init__.py>
> 
> <account.py>
> @view_config(route_name='account', renderer='templates/account.genshi')
> def account_view(request):
> </account.py>
> 
> If this is not considered a bug, maybe stating it explicitly in the
> documentation could save others some time.

It's not a bug.  The permission passed to add_route only applies to the
view also passed to add_route.  It ignored the view_permission argument
because there was no view.  Rather than attempting to document it, I've
added a guard to the code that will prevent an add_route configuration
from accepting "view_permission" unless there is also a "view" passed at
the same time.

- C
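
The misconfiguration discussed in this thread can be caught statically before deployment. The following is an added example, not code from Pyramid or from either poster: a standard-library `ast` check that flags `add_route` calls passing `view_permission` without `view`. The function name `find_ignored_route_permissions`, the constructed sample configuration, and the assumption that `view` is always passed by keyword belong to this example only.

```python
import ast

# Constructed sample configuration; only the first call matches the thread's case.
SAMPLE_CONFIG = '''
config.add_route('account', '/account', view_permission='view')
config.add_route('admin', '/admin', view=admin_view, view_permission='edit')
config.add_route('home', '/')
config.add_route('dyn', '/dyn', **route_kw)
config.scan()
'''


def find_ignored_route_permissions(source, filename="<config>"):
    """Return [(lineno, route_name)] for add_route calls whose
    view_permission has no accompanying view (assumed passed by keyword)."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        # Accept both config.add_route(...) and a bare add_route(...) name.
        called = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if called != "add_route":
            continue
        keywords = {kw.arg for kw in node.keywords}
        if None in keywords:
            # **kwargs unpacking: arguments are unknown statically, do not guess.
            continue
        if "view_permission" in keywords and "view" not in keywords:
            first = node.args[0] if node.args else None
            route_name = first.value if isinstance(first, ast.Constant) else None
            findings.append((node.lineno, route_name))
    # ast.walk is breadth-first, so order the report by source line.
    return sorted(findings, key=lambda item: item[0])


if __name__ == "__main__":
    for lineno, route_name in find_ignored_route_permissions(SAMPLE_CONFIG):
        print(f"line {lineno}: route {route_name!r} sets view_permission "
              "without view; the permission protects nothing")
```

For a view registered through `@view_config` and picked up by `config.scan()`, the permission belongs on the decorator itself, as `permission='view'`.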

