#2262: .allow_only doesn't distinguish 401s vs. 403s
---------------------------------------------+------------------------------
Reporter: jorge.vargas | Owner: Gustavo
Type: defect | Status: assigned
Priority: highest | Milestone: 2.0rc1
Component: TurboGears | Version: 2.0b7
Severity: blocker | Resolution:
Keywords: repoze.what, repoze.what-pylons |
---------------------------------------------+------------------------------
Comment (by Gustavo):
Replying to [comment:4 mramm]:
> Gustavo, can we sort this out tomorrow.
I'm sorry, I didn't have enough time yesterday.
> I have a couple failing auth tests with the current trunk, and I'd like
> to figure out the full problem and get this resolved sooner rather than
> later, so that we can do an RC1 release this week.
>
> I'm willing to revert 6481, if and only if everything works out of the
> box without it.
>
> Are there still problems with the __before__, and if so is there any way
> we can have tests that show only that problem so that we can fix it?
Yes, there are still problems with __before__.
I don't have tests I added some tests for controller-wide authorization
using the .allow_only attribute and __before__, so that we can reproduce
the problem. If you revert the _check_security stuff (e.g., using the
patch I attached), you'll see four failing tests -- there's our problem.
I've spent more time on it, but I've not been able to fix it.
--
Ticket URL: <http://trac.turbogears.org/ticket/2262#comment:5>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development