On Mar 31, 8:54 pm, David Gardner <[email protected]> wrote: > On 03/15/2011 02:38 PM, David Gardner wrote: > > > > > > > > > > > On 03/13/2011 04:21 PM, Billy wrote: > > >> I can't seem to get a default permission for the static folder set > >> within my project. I've attempted a few different methods of setting > >> up the authorization policy and defaults but I continue to get > >> ACLDenied permission output in the debug. > > >> Setup for authentication policy and the static view: > > >> authn_policy = AuthTktAuthenticationPolicy('supersecret', > >> callback=groupfinder) > >> authz_policy = ACLAuthorizationPolicy() > >> config = Configurator(settings=settings, > >> root_factory='myproject.models.RootFactory', > >> authentication_policy=authn_policy, > >> authorization_policy=authz_policy) > >> config.set_request_factory(RequestWithUserAttribute) > >> config.add_static_view(name='static', > >> path='myproject:static', > >> permssion='__no_permission_required__') > > >> An example of the debug_authorization messages I'm receiving. This > >> occurs for every static file being served: > > >> debug_authorization of urlhttp://localhost:6543/static/images/image.png > >> (view name u'' against context<pyramid.static.StaticURLInfo object at > >> 0xb0ecd6c>): ACLDenied permission '__no_permission_required__' via ACE > >> '<default deny>' in ACL'<No ACL found on any object in resource > >> lineage>' on context<pyramid.static.StaticURLInfo object at > >> 0xb0ecd6c> for principals ['system.Everyone'] > > > I just ran into the same problem myself, I'm new to Pyramid so I don't > > really know what I am doing here. > > It looks like the static views are ignoring the root_factory ACL. (Side > > note you have a type-o up there on permission) > > > So I hacked this into config.py:add_static_view() > > spec = self._make_spec(path) > > info = self.registry.queryUtility(IStaticURLInfo) > > if info is None: > > info = StaticURLInfo(self) > > if '__acl__' in kw: > > info.__acl__ = kw['__acl__'] > > self.registry.registerUtility(info, IStaticURLInfo) > > > info.add(name, spec, **kw) > > > Then in my __init__.py: > > > config.add_static_view('static', 'myproj:static', permission='valid_uuid', > > __acl__ = [ (Allow, 'valid_uuid', > > 'valid_uuid'), > > (Allow, 'current_uuid', > > 'current_uuid') ]) > > I'm curious is this a bug, or am I just doing something weird/wrong?
You could consider it a bug, yeah. static views have traditionally only been used to serve up static content to all users without respect to permission, and they haven't seen much usage in permission- protected scenarios Your workaround is reasonable and works fine, but it might be better to find a way to serve up the default root when a static view is added. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
