#2207: identity.SecureObject doesn't cascade down to subcontrollers
------------------------+---------------------------------------------------
Reporter: fetchinson | Owner: faide
Type: defect | Status: new
Priority: highest | Milestone: 1.1
Component: TurboGears | Version: 1.0.8
Severity: major | Resolution:
Keywords: security |
------------------------+---------------------------------------------------
Comment (by Chris Arndt):
I can't confirm your last observation. Using !SecurerResource as an
additional base class for a controller also protects its subcontrollers.
Here's an example:
{{{
class ControllerB(controllers.Controller):
@expose()
def meth1(self):
return "ControllerB.meth1"
class ControllerA(controllers.Controller, identity.SecureResource):
require = identity.not_anonymous()
b = ControllerB()
@expose()
def meth1(self):
return "ControllerA.meth1"
class Root(controllers.RootController):
"""The root controller of the application."""
a = ControllerA()
# ...
}}}
Can you provide a test case (i.e. actual code) where !SecureResource
doesn't work as it should (is documented)?
--
Ticket URL: <http://trac.turbogears.org/ticket/2207#comment:4>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "TurboGears Tickets" group.
This group is read-only. No posting by normal members allowed.
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/turbogears-tickets?hl=en?hl=en
-~----------~----~----~----~------~----~------~--~---
