Hello, On Tuesday January 6, 2009 02:00:48 Jorge Vargas wrote: > The long answer is that the way repoze.who works it honors REMOTE_USER > and bails out (assumes auth has been done by another wsgi component) > which makes repoze.what fail as it has no presence of a "real auth". > I'm not 100% sure if this is a bug (repoze.what shouldn't assume > repoze.who authenticated) or simply a bad use case that should be > documented.
Yeah, it's a serious/ugly limitation but strictly speaking not a bug because it's been created to be a repoze.who-based authorization framework. In the next major release of repoze.what (already under development), it will be fully repoze.who-independent and thus it will provide its own middleware. This will be the only backward incompatible change (since the setup_auth() function will be replaced), but fortunately this won't affect projects that use the quickstart plugin (nearly all TG2 projects, I think). Cheers! -- Gustavo Narea. General Secretary. GNU/Linux Matters <http://gnulinuxmatters.org/>. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
