Please open a defect here http://www.assembla.com/spaces/liftweb/tickets

Br's,
Marius

On Feb 7, 10:44 pm, aw <anth...@whitford.com> wrote:
> OK, I think I found the source code that is the culprit.  From
> LiftServlet.scala:
>
> http://github.com/dpp/liftweb/blob/master/framework/lift-base/lift-we...
>
>   private def authPassed_?(req: Req): Boolean = {
>
>     val checkRoles: (Role, List[Role]) => Boolean = {
>       case (resRole, roles) => (false /: roles)((l, r) => l || resRole.isChildOf(r.name))
>     }
>
>     val role = NamedPF.applyBox(req, LiftRules.httpAuthProtectedResource.toList)
>     role.map(_ match {
>       case Full(r) =>
>         LiftRules.authentication.verified_?(req) match {
>           case true => checkRoles(r, userRoles.get)
>           case _ => false
>         }
>       case _ => true
>     }) openOr true
>   }
>
> This logic seems to be inconsistent with the documentation found in
> LiftRules.scala:
>
> http://github.com/dpp/liftweb/blob/master/framework/lift-base/lift-we...
>
>   /**
>    * Defines the resources that are protected by authentication and
>    * authorization. If this function is not defined for the input data,
>    * the resource is considered unprotected ergo no authentication
>    * is performed. If this function is defined and returns a Full can,
>    * it means that this resource is protected by authentication, and
>    * authenticated subject must be assigned to the role returned by
>    * this function or to a role that is child-of this role. If this
>    * function returns Empty it means that this resource is protected by
>    * authentication but no authorization is performed meaning that
>    * roles are not verified.
>    */
>   val httpAuthProtectedResource = RulesSeq[HttpAuthProtectedResourcePF]
>
> Shouldn't there be something like:
>
>       case Empty =>
>         LiftRules.authentication.verified_?(req)
>
> ?

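The three cases from the quoted LiftRules.scala comment, compared with the branch structure of the quoted authPassed_?, as an added example that is not Lift code and not part of the original messages. All names are hypothetical stand-ins: the lookup result is modelled as a nested Option, and isChildOf is simplified to set membership.

```scala
// Added illustration, not Lift source. Hypothetical model of the auth decision.
object AuthDecisionDemo {
  // Result of looking a request up in httpAuthProtectedResource:
  //   None             -> function not defined for this request (unprotected)
  //   Some(None)       -> defined, returned Empty (authenticate, skip role check)
  //   Some(Some(role)) -> defined, returned Full(role)
  type Lookup = Option[Option[String]]

  // Same branch structure as the quoted authPassed_?.
  // Assumption: userRoles.contains stands in for the isChildOf hierarchy check.
  def asPosted(lookup: Lookup, verified: Boolean, userRoles: Set[String]): Boolean =
    lookup.map {
      case Some(role) => if (verified) userRoles.contains(role) else false
      case None       => true // Empty: passes without consulting 'verified'
    }.getOrElse(true)

  // The behaviour the quoted documentation comment describes.
  def asDocumented(lookup: Lookup, verified: Boolean, userRoles: Set[String]): Boolean =
    lookup match {
      case None             => true                                // unprotected
      case Some(None)       => verified                            // authentication only
      case Some(Some(role)) => verified && userRoles.contains(role) // authn + role
    }

  def main(args: Array[String]): Unit = {
    // Constructed sample inputs.
    val lookups: Seq[(String, Lookup)] = Seq(
      "not defined" -> None,
      "Empty"       -> Some(None),
      "Full(admin)" -> Some(Some("admin"))
    )
    val callers: Seq[(String, Boolean, Set[String])] = Seq(
      ("no credentials", false, Set.empty[String]),
      ("verified, role=guest", true, Set("guest")),
      ("verified, role=admin", true, Set("admin"))
    )
    // Print every combination and mark rows where the two functions disagree.
    for ((lName, lookup) <- lookups; (cName, verified, roles) <- callers) {
      val posted = asPosted(lookup, verified, roles)
      val documented = asDocumented(lookup, verified, roles)
      val flag = if (posted != documented) "  <-- differs" else ""
      println(f"$lName%-12s $cName%-22s posted=$posted%-5s documented=$documented%-5s$flag")
    }
  }
}
```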