I have a hubadmin.py and vcardadmin.py controller. I decorated the functions in both controllers using:
@auth.requires(lambda: auth.has_membership(HUB) or auth.has_membership(ADMIN)) @auth.requires(lambda: auth.has_membership(VCARD) or auth.has_membership(ADMIN)) When I am logged in as a user having HUB membership: http://127.0.0.1:8000/init/hubadmin/index and I manually change this url in the browser to: http://127.0.0.1:8000/init/vcardadmin/index I can visit this url, the decorator doesn't prevent access. When I remove lambda: @auth.requires(auth.has_membership(VCARD) or auth.has_membership(ADMIN)) and do the same thing, I am logged out. Why doesn't lambda work in this case? Kind regards, Annet