On Mar 17, 2011, at 7:29 AM, Martín Mulone wrote: > @auth.requires(auth.has_membership(role='Admin')) > def index(): > return dict() > > No longer redirect to login page, instead show not authorized message. This > only happen in trunk. >
The two lines marked below were removed when Massimo put in the 403-error handling for RESTful requests, but the commit message doesn't mention them. Was that an accident? def requires(self, condition): """ decorator that prevents access to action if not logged in """ def decorator(action): def f(*a, **b): if self.settings.allow_basic_login_only and not self.basic(): <<<<<<<<<<< return call_or_redirect(self.settings.on_failed_authorization) <<<<<<<<<<< if not condition: if not self.basic() and not self.is_logged_in(): request = self.environment.request next = URL(r=request,args=request.args, vars=request.get_vars) self.environment.session.flash = self.environment.response.flash return call_or_redirect(self.settings.on_failed_authentication, self.settings.login_url + \ '?_next='+urllib.quote(next)) else: self.environment.session.flash = \ self.messages.access_denied return call_or_redirect(self.settings.on_failed_authorization) return action(*a, **b) f.__doc__ = action.__doc__ f.__name__ = action.__name__ f.__dict__.update(action.__dict__) return f return decorator