HTTPForbidden上下文路由未触发
HTTPForbidden上下文路由未触发
提问于 2011-10-15 05:39:01
我在让金字塔中的安全性正常工作时遇到了一些问题。我的安全性本身似乎是有效的:如果用户试图访问他们无权查看的资源,金字塔就会抛出一个HTTPForbidden异常。问题是,在这种情况下,它应该回退到登录视图,但这并没有发生。我只是得到了默认的金字塔异常屏幕和堆栈跟踪。
我的登录视图:
from pyramid.httpexceptions import HTTPForbidden
@view_config(context = HTTPForbidden, renderer="login.mak")
@view_config(route_name = 'login', renderer='login.mak')
class Login(ViewBase):
def __init__(self, request):
super(Login, self).__init__(request)
self.data['title'] = "Login"
if request.method == 'POST':
name = request.params['username']
passwd = request.params['password']
validuser = User.check(name, passwd)
if validuser is None:
self.data['requested_path'] = request.params['requestpath']
self.__call__()
else:
headers = remember(request, str(validuser.id))
raise HTTPFound(
location = request.params['requestpath'],
headers = headers
)
else:
self.data['requested_path'] = request.url
def __call__(self):
return self.data所有视图都有一个默认权限设置为'view',我的acl类如下所示:
from pyramid.security import Allow
from pyramid.security import Everyone
from pyramid.security import Authenticated
from pyramid.security import ALL_PERMISSIONS
# Handles ACL auth for the entire application
class RootFactory(object):
__acl__ = [
(Allow, Everyone, 'view'),
(Allow, 'Editor', 'edit'),
(Allow, 'Admin', ALL_PERMISSIONS)
]
def __init__(self, request):
pass
def groupfinder(userid, request):
from ctic.models import User
user = User.get(userid)
member_groups = []
if user != None:
member_groups.append(user.group.groupname)
return member_groups
else:
return None正如我所说的,ACL方面似乎正在工作。
有趣的是,如果我从init.py中删除default_permission,一切都会正常工作。
任何关于我在哪里出错的建议都将不胜感激。
Stack Overflow用户
发布于 2011-11-24 10:32:15
您可能想要在view_config中添加"permission=NO_PERMISSION_REQUIRED“
from pyramid.security import NO_PERMISSION_REQUIRED
@view_config(context = HTTPForbidden, renderer="login.mak", permission=NO_PERMISSION_REQUIRED)页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/7773851
复制相关文章
相似问题
腾讯云开发者
