On 1/6/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Is the above code incorrect? it let me access > htt://localhost:8080/Admin/Auth without any identification...
I was wondering about that. I don't think identity.SecureResource actually blocks the whole tree below... just the items on that one resource. Which is bound to trip people up. To test that theory, try accessing a method on Admin directly and see if that requires authentication. Kevin > class Admin(controllers.Controller, identity.SecureResource): > required_groups= ["admin"] > identity_required= True > > Auth = CatWalk(turbogears.identity.model.somodel)
