>> Unfortunately I don't have a fix but what's the official point of view >> on this ticket? >> >> http://trac.turbogears.org/ticket/2207 >> >> Neither identity.SecureObject nor identity.SecureResource protects a >> whole URL tree currently. > > Sorry, I can't confirm your findings. Secureresource does protect > subcontrollers as well. Take this example: > > > class ControllerB(controllers.Controller): > @expose() > def meth1(self): > return "ControllerB.meth1" > > class ControllerA(controllers.Controller, identity.SecureResource): > require = identity.not_anonymous() > b = ControllerB() > > @expose() > def meth1(self): > return "ControllerA.meth1" > > class Root(controllers.RootController): > a = ControllerA() > > # standard quickstart root controller following... > > > Accessing the URL /a/b/meth1 brings up the login screen as it should and > after login returns "ControllerB.meth1".
Sorry, you are right, I might have been checking with an older version or just simply messed up. > That leaves the CatWalk problem, which could probably be solved by > adding SecureResource as a mix-in dynamically. But I think that's not > enough reason to delay the release any further. If you come up with a > solution, though, I'll be glad to include it. I agree, catwalk itself should not hold up the release, I don't use it anyway myself. Cheers, Daniel -- Psss, psss, put it down! - http://www.cafepress.com/putitdown --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/turbogears-trunk?hl=en -~----------~----~----~----~------~----~------~--~---
