Daniel Fetchinson schrieb:
> Unfortunately I don't have a fix but what's the official point of view
> on this ticket?
>
> http://trac.turbogears.org/ticket/2207
>
> Neither identity.SecureObject nor identity.SecureResource protects a
> whole URL tree currently.
Sorry, I can't confirm your findings. Secureresource does protect
subcontrollers as well. Take this example:
class ControllerB(controllers.Controller):
@expose()
def meth1(self):
return "ControllerB.meth1"
class ControllerA(controllers.Controller, identity.SecureResource):
require = identity.not_anonymous()
b = ControllerB()
@expose()
def meth1(self):
return "ControllerA.meth1"
class Root(controllers.RootController):
a = ControllerA()
# standard quickstart root controller following...
Accessing the URL /a/b/meth1 brings up the login screen as it should and
after login returns "ControllerB.meth1".
That leaves the CatWalk problem, which could probably be solved by
adding SecureResource as a mix-in dynamically. But I think that's not
enough reason to delay the release any further. If you come up with a
solution, though, I'll be glad to include it.
Chris
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TurboGears Trunk" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-trunk?hl=en
-~----------~----~----~----~------~----~------~--~---
