On Mar 17, 2011, at 7:29 AM, Martín Mulone wrote:
> @auth.requires(auth.has_membership(role='Admin'))
> def index():    
>     return dict()
> 
> No longer redirect to login page, instead show not authorized message. This 
> only happen in trunk.
> 


The two lines marked below were removed when Massimo put in the 403-error 
handling for RESTful requests, but the commit message doesn't mention them. Was 
that an accident?


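    def requires(self, condition):
        """
        decorator that prevents access to action unless `condition` is true

        `condition` is the value passed by the caller when the decorator is
        applied, e.g. the result of `auth.has_membership(role='Admin')`.
        The wrapper only reads that value; it does not recompute it.
        NOTE(review): the check is therefore only as fresh as the moment the
        decorator was applied -- confirm that the decorated code is
        re-executed for every request in your deployment.

        On failure the wrapper returns the result of `call_or_redirect`:
        - basic-login-only mode without basic credentials
          -> settings.on_failed_authorization
        - condition false and the caller is neither basic-authenticated nor
          logged in -> settings.on_failed_authentication, with the login URL
          carrying the current URL in `_next`
        - condition false for an authenticated caller
          -> settings.on_failed_authorization
        """

        def decorator(action):

            def f(*a, **b):
                # The two lines tagged "<<<<<<<<<<<" are the ones the message
                # asks about. They run before `condition` is looked at, and a
                # failure here goes to the authorization handler, not to the
                # login redirect.
                if self.settings.allow_basic_login_only and not self.basic():  # <<<<<<<<<<<
                    return call_or_redirect(self.settings.on_failed_authorization)  # <<<<<<<<<<<

                if not condition:
                    if not self.basic() and not self.is_logged_in():
                        # Unauthenticated caller: send to the login page and
                        # remember where the caller was heading.
                        request = self.environment.request
                        next_url = URL(r=request, args=request.args,
                                       vars=request.get_vars)
                        # Carry the current flash message over to the
                        # session before leaving this request.
                        self.environment.session.flash = \
                            self.environment.response.flash
                        # The return URL is percent-encoded so its own query
                        # string cannot add parameters to the login URL.
                        return call_or_redirect(
                            self.settings.on_failed_authentication,
                            self.settings.login_url +
                            '?_next=' + urllib.quote(next_url))
                    else:
                        # Authenticated but not permitted.
                        self.environment.session.flash = \
                            self.messages.access_denied
                        return call_or_redirect(
                            self.settings.on_failed_authorization)
                return action(*a, **b)

            # Make the wrapper present the wrapped action's name, docstring
            # and attributes.
            f.__doc__ = action.__doc__
            f.__name__ = action.__name__
            f.__dict__.update(action.__dict__)
            return f

        return decorator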
