I would volunteer to carry out the preparations. If there are any
outstanding tickets, which you would like to resolve (i.e. provide a
solution for) before that, please speak up until this Friday.
Chris
Unfortunately I don't have a fix but what's the official point of view
on this ticket?
http://trac.turbogears.org/ticket/2207
Neither identity.SecureObject nor identity.SecureResource protects a
whole URL tree currently. This is independent of catwalk, which I
don't use anymore and it was indicated on this list that catwalk is
anyway semi-deprecated and not recommended. But this problem of
protecting a whole tree applies without catwalk too (I just mention
this because in the ticket I was talking about catwalk, but the
problem is more general).
In other words, is there an officially blessed way of protecting a
whole URL tree?
Cheers,
Daniel
--
Psss, psss, put it down! - http://www.cafepress.com/putitdown
Sorry, I can't confirm your findings. Secureresource does protect
subcontrollers as well. Take this example:
class ControllerB(controllers.Controller):
@expose()
def meth1(self):
return "ControllerB.meth1"
class ControllerA(controllers.Controller, identity.SecureResource):
require = identity.not_anonymous()
b = ControllerB()
@expose()
def meth1(self):
return "ControllerA.meth1"
class Root(controllers.RootController):
a = ControllerA()
# standard quickstart root controller following...
Accessing the URL /a/b/meth1 brings up the login screen as it should and
after login returns "ControllerB.meth1".
That leaves the CatWalk problem, which could probably be solved by
adding SecureResource as a mix-in dynamically. But I think that's not
enough reason to delay the release any further. If you come up with a
solution, though, I'll be glad to include it.
Chris
I have updated the 1.1 changelog to include all changes since the last
beta release (1.1b3) which are unique to the 1.1+1.5 branches.
Could all interested individuals please check if sth important is
missing and if I have missed any contributors to this release?
I leave it to somebody else to update the 1.0 changelog with all the
changes that also affected the 1.0 branch.
Chris
Sorry, you are right, I might have been checking with an older version
or just simply messed up.
> That leaves the CatWalk problem, which could probably be solved by
> adding SecureResource as a mix-in dynamically. But I think that's not
> enough reason to delay the release any further. If you come up with a
> solution, though, I'll be glad to include it.
I agree, catwalk itself should not hold up the release, I don't use it
anyway myself.
Turns out, this was solely a problem in CatWalk. This is now fixed in
SVN r6643.
Chris
Great! Thanks Chris, this issue made me a bit uneasy but granted, I
haven't done my testing carefully enough, it's good to know that it
was catwalk only.
The only real roadblock I currently see is
http://trac.turbogears.org/ticket/2036. Anybody has any ideas how to
handle this?
Chris
TG 1.1rc1 will in all probability be released tonight. If you want any
last-minute fixes in, speak up NOW!
If 1.1rc1 works well, it will be released as 1.1final in two weeks.
Chris