Hello, everybody.

This is just to let you know that most of the repoze.what integration in TG2 
applications has been moved to an independent project so that Pylons users can 
enjoy it too. This is *not* a backwards incompatible change and nobody has to 
update their code.

However, it's worth noting that while creating the package, I discovered a bug 
in @require: 403 errors were not raised if the user was already authenticated; 
instead a 401 (which is for anonymous users only) was always raised, and that 
will trigger the repoze.who challenger even if the user has already logged in. 
So check if your application relies on this bug -- the fix is already in trunk.

I also introduced a long awaited class decorator to set controller-wide 
authorization without the "allow_only" attribute:

> from tg import protect
> from repoze.what.predicates import has_permission
>
> @protect(has_permission('manage'))
> class ControlPanel(YourBaseController):
>     # everything here is protected!
>     pass

So I suggest that we drop the "allow_only" and replace it with this cleaner 
decorator, which can be used in Python <2.6 as:

> from tg import protect
> from repoze.what.predicates import has_permission
>
> class ControlPanel(YourBaseController):
>     # everything here is protected!
>     pass
> ControlPanel = protect(has_permission('manage'))(ControlPanel)

The small changelog is at:
http://code.gustavonarea.net/repoze.what-pylons/News.html

The documentation will be updated accordingly once I work on:
http://trac.turbogears.org/ticket/2188

Comments?
-- 
Gustavo Narea <http://gustavonarea.net/>.

Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
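
The 401-versus-403 behaviour described in the message, as an added example that is not code from repoze.what, repoze.what-pylons or TurboGears. The helper names, the "permissions" field of the identity and the /login URL are assumptions made for the illustration; only the "repoze.who.identity" environ key comes from repoze.who.

```python
# Added illustration: all function names below are hypothetical.
IDENTITY_KEY = "repoze.who.identity"  # environ key where repoze.who stores the identity

def denial_status(environ, buggy=False):
    """Status to send when the authorization predicate was not met."""
    if buggy:
        return "401 Unauthorized"      # behaviour before the fix: always 401
    if environ.get(IDENTITY_KEY):
        return "403 Forbidden"         # authenticated, but not allowed
    return "401 Unauthorized"          # anonymous: credentials are needed

def authorize(app, predicate, buggy=False):
    """WSGI wrapper that calls `app` only when predicate(environ) is true."""
    def wrapped(environ, start_response):
        if predicate(environ):
            return app(environ, start_response)
        start_response(denial_status(environ, buggy), [("Content-Type", "text/plain")])
        return [b"denied"]
    return wrapped

def challenger(app, login_url="/login"):
    """Stand-in for the challenge step: every 401 becomes a login redirect."""
    def wrapped(environ, start_response):
        captured = {}
        def capture(status, headers, exc_info=None):
            captured.update(status=status, headers=headers)
        body = app(environ, capture)
        if captured["status"].startswith("401"):
            start_response("302 Found", [("Location", login_url)])
            return [b""]
        start_response(captured["status"], captured["headers"])
        return body
    return wrapped

def final_status(stack, environ):
    """Run one request through the stack; return the status the client sees."""
    seen = []
    stack(environ, lambda status, headers, exc_info=None: seen.append(status))
    return seen[0]

def can_manage(environ):
    # Constructed predicate: the "permissions" field is an assumption.
    identity = environ.get(IDENTITY_KEY) or {}
    return "manage" in identity.get("permissions", ())

def control_panel(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"control panel"]
```

With the buggy flag set, a logged-in user who lacks the permission is sent back to the login page; without it the same request ends in a 403 that the challenger leaves alone.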
