#1131: [Patch] identity.SecureResource not catching IdentityExceptions properly
--------------------------+-------------------------------------------------
 Reporter:  PeterRussell  |        Owner:  anonymous
     Type:  defect        |       Status:  closed
 Priority:  high          |    Milestone:  1.0b2
Component:  Identity      |      Version:  1.0b1
 Severity:  normal        |   Resolution:  fixed
 Keywords:                |
--------------------------+-------------------------------------------------
Changes (by alberto):

 * status:  new => closed
 * resolution:  => fixed

Comment:

I believe this patch should not be applied. The docs state that:

{{{
Again, derive your controller from identity.SecureResource. Perform your
identity check at the method level. If the user doesn't have the required
permissions, throw a *suitable* IdentityException
}}}

(Emphasis by me)

SecureResource should not trap any IdentityException and redirect to login
page because maybe that's not what the user wants (maybe a user-defined
IdentityException should trigger a "403 Forbidden" instead of a
redirection to the login page and 401...)

I've committed your tests at [2250] but tweaked
in_admin_group_explicit_check to explicitly raise an IdentityFailure which
is what will trigger the intended behaviour (redirecting to login page).

What I've fixed is making sure IdentityFailure inherits from
IdentityException too so the docs don't lie ;) (well, and because an
IdentityFailure should be an IdentityException, shouldn't it?)

Thanks for the tests :)

Alberto

--
Ticket URL: <http://trac.turbogears.org/turbogears/ticket/1131>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
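
The distinction drawn in the comment above, as an added stand-alone example (not part of the ticket, and not TurboGears code): trapping only IdentityFailure lets other IdentityException subclasses reach a handler that can answer 403, while trapping the base class turns every identity error into a login redirect. The names IdentityException and IdentityFailure come from the ticket; AccountSuspended, the dispatch functions, the outer error layer, LOGIN_URL and the sample users are hypothetical.

```python
class IdentityException(Exception):
    """Base class for identity errors raised inside controller methods."""

class IdentityFailure(IdentityException):
    """The error that is meant to send the user to the login page."""

class AccountSuspended(IdentityException):
    """Hypothetical user-defined error: logging in again cannot help."""

LOGIN_URL = "/login"  # assumed login path

def admin_page(user):
    if "admin" not in user["groups"]:
        raise IdentityFailure("admin group required")
    return "admin console"

def export_page(user):
    if user["suspended"]:
        raise AccountSuspended("account suspended")
    return "export ready"

def narrow_dispatch(handler, user):
    """Trap IdentityFailure only; other IdentityExceptions propagate."""
    try:
        return (200, handler(user))
    except IdentityFailure:
        return (401, "redirect:" + LOGIN_URL)

def broad_dispatch(handler, user):
    """The alternative the comment argues against: trap the base class."""
    try:
        return (200, handler(user))
    except IdentityException:
        return (401, "redirect:" + LOGIN_URL)

def app_error_layer(dispatch, handler, user):
    """Hypothetical outer layer: leftover identity errors become 403."""
    try:
        return dispatch(handler, user)
    except IdentityException as exc:
        return (403, str(exc))

# Constructed sample users.
ALICE = {"groups": ["users"], "suspended": False}
BOB = {"groups": ["users"], "suspended": True}

if __name__ == "__main__":
    for dispatch in (narrow_dispatch, broad_dispatch):
        print(dispatch.__name__, app_error_layer(dispatch, admin_page, ALICE),
              app_error_layer(dispatch, export_page, BOB))
```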