Pyramid auth - HTTPForbidden context route not firing


richzilla

Oct 15, 2011, 5:38:14 AM10/15/11
to pylons-discuss
I'm having a bit of trouble getting security in Pyramid to work
properly. My security itself seems to be working: if a user attempts
to access a resource they are not authorized to view, Pyramid
throws an HTTPForbidden exception. The problem is that in this
instance it's supposed to fall back to the login view. This isn't
happening; I'm just getting the default Pyramid exception screen with
the stack trace.

my login view:

http://pastebin.com/gQnPdf4B

All of my views have a default permission set to 'view'; my ACL class
looks as follows:

http://pastebin.com/VvanZXbn

As I said, the ACL aspect appears to be working. Interestingly, if I
remove the default_permission from my init.py, everything works as
normal.

Any pointers as to where I'm going wrong would be appreciated.

Mark Erbaugh

Oct 15, 2011, 9:20:32 AM10/15/11
to pylons-...@googlegroups.com
Have you remapped the Forbidden view?

Sent from my iPad


richzilla

Oct 15, 2011, 10:50:51 AM10/15/11
to pylons-discuss
I think so; there are two routes mapped to my login view. One of them
is an explicit route matched from a path, and the other is a context-based
route for HTTPForbidden. If it's any help, the full stack trace for the
exception is as follows:

HTTPForbidden: debug_authorization of url http://localhost:6543/settings/articles
(view name u'' against context <HTTPForbidden at 0x3c066e8 403
Forbidden>): ACLDenied permission 'view' via ACE '<default deny>' in
ACL '<No ACL found on any object in resource lineage>' on context
<HTTPForbidden at 0x3c066e8 403 Forbidden> for principals
['system.Everyone']


Chris McDonough

Oct 15, 2011, 10:58:38 AM10/15/11
to pylons-...@googlegroups.com
On Sat, 2011-10-15 at 07:50 -0700, richzilla wrote:
> I think so; there are two routes mapped to my login view. One of them
> is an explicit route matched from a path, and the other is a context-based
> route for HTTPForbidden. If it's any help, the full stack trace for the
> exception is as follows:
>
> HTTPForbidden: debug_authorization of url http://localhost:6543/settings/articles
> (view name u'' against context <HTTPForbidden at 0x3c066e8 403
> Forbidden>): ACLDenied permission 'view' via ACE '<default deny>' in
> ACL '<No ACL found on any object in resource lineage>' on context
> <HTTPForbidden at 0x3c066e8 403 Forbidden> for principals
> ['system.Everyone']

You might try sending over the results of the command "paster proutes
development.ini" and/or your configuration code that calls add_route
and/or add_view.

- C

richzilla

Oct 15, 2011, 11:05:53 AM10/15/11
to pylons-discuss
Paster proutes output:

Name                      Pattern                                 View
----                      -------                                 ----
___debug_toolbar/static/  _debug_toolbar/static/*subpath          <function <pyramid.static.static_view object at 0x0385D030> at 0x038C50F0>
debugtoolbar.source       /_debug_toolbar/source                  <function ExceptionDebugView at 0x038C55F0>
debugtoolbar.execute      /_debug_toolbar/execute                 <function ExceptionDebugView at 0x038C56B0>
debugtoolbar.console      /_debug_toolbar/console                 <function ExceptionDebugView at 0x038C57F0>
debugtoolbar.exception    /_debug_toolbar/exception               <function ExceptionDebugView at 0x038C5530>
debugtoolbar.sql_select   /_debug_toolbar/sqlalchemy/sql_select   <function SQLAlchemyViews at 0x038C58B0>
debugtoolbar.sql_explain  /_debug_toolbar/sqlalchemy/sql_explain  <function SQLAlchemyViews at 0x038C5970>
__static/                 static/*subpath                         <function <pyramid.static.static_view object at 0x0388C4F0> at 0x038C5A70>
home                                                              <function Home at 0x038D5730>
login                     login                                   <function Login at 0x038CD6B0>
logout                    logout                                  <function logout at 0x038CD7F0>
user_cp                   {username}/controlpanel                 <function ControlPanel at 0x038D54B0>
cat_select                catselect                               <function cat_select at 0x038D5AF0>
directory                 directory                               <function Directory at 0x038D55F0>
article                   article/{id}                            <function ArticleView at 0x038D5370>
articles                  settings/articles                       <function Articles at 0x038CDA70>
create_article            settings/articles/create                <function CreateArticle at 0x038CDCF0>
single_article            settings/articles/{id}                  <function ArticleEdit at 0x038CD930>
users                     settings/users                          <function Users at 0x038D5230>
create_user               settings/users/create                   None
single_user               settings/users/{id}                     <function SingleUser at 0x038CDF70>
category                  settings/category                       <function CategoryView at 0x038CDBB0>
links                     settings/links                          <function Links at 0x038CDE30>
single_link               settings/links/{id}                     None
uploads                   settings/uploads                        <function Uploads at 0x038D50F0>
page                      {routename}                             <function Page at 0x038D59B0>

and __init__.py is here:

http://pastebin.com/4Vbmu6P8


Chris McDonough

Oct 15, 2011, 12:35:00 PM10/15/11
to pylons-...@googlegroups.com

Didn't help much, sorry. I don't know. You might try replacing your
(complex) class-based Login view with a simpler function-based one
temporarily, to see whether it gets called as you expect when an HTTPForbidden
is raised.

- C


Kai Groner

Oct 17, 2011, 11:19:29 AM10/17/11
to pylons-...@googlegroups.com
It sounds like the default permission is being applied to your HTTPForbidden view.

Would setting permission=NO_PERMISSION_REQUIRED on the HTTPForbidden view fix it?


Kai