On Tue, 2010-10-26 at 10:30 +0200, Wichert Akkerman wrote:
> On 10/26/10 09:42 , Wichert Akkerman wrote:
> > I tried to use config.set_default_permission with repoze.bfg 1.3b1, but
> > it appears to do very little. My code looks like this:
> > config.set_default_permission("authenticated")
> > config.scan()
> > config.add_route("shop+category+article+detail",
> > "/shop/:category/detail/:id",
> > factory=factories.ArticleFactory)
> > config.add_route(...)
> > When I run the app with BFG_DEBUG_AUTHORIZATION=1 no permissions are
> > hooked up to the views:
> > 2010-10-26 09:38:19,943 debug_authorization of url
> > http://localhost:5000/shop/top/detail/2323 (view name u'' against
> > context<Article id=2323 modified=2010-09-13T17:05:05.844647>): Allowed
> > (no permission registered)
Yup, there's a problem here. I'll fix it, thanks for reporting.
> I figured out why: the bfg_view decorator passes a default permission of
> None when it calls config.add_view, but config.add_view tests for a
> special _marker value to see if it needs to use the default permission.
> If there a special reason add_view has to use a marker instead of None?
It's to be able to use ``None`` as a permission even when a default
permission is in effect (indicating that it's a completely anonymous
view regardless of the default permission).
Repoze-dev mailing list