Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Ticket #2254 (closed defect: fixed)

Opened 10 years ago

Last modified 8 years ago

.allow_only is broken in the RootController

Reported by: Gustavo Owned by:
Priority: high Milestone: 2.0rc1
Component: TurboGears Version: trunk
Severity: blocker Keywords:
Cc:

Description

Controller-wide authorization doesn't work in the root controller when using the .allow_only attribute. I get the following exception when I try to use it there:

URL: http://127.0.0.1:8080/login?came_from=http://127.0.0.1:8080/auth
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/WebError-0.10.1-py2.6.egg/weberror/evalexception.py', line 431 in respond
  app_iter = self.application(environ, detect_start_response)
File '/home/gustavo/Projeti/TurboGears/TG2/tg/configuration.py', line 631 in wrapper
  return app(environ, start_response)
File '/home/gustavo/Projeti/TurboGears/TG2/tg/configuration.py', line 534 in remover
  return app(environ, start_response)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/repoze.tm2-1.0a3-py2.6.egg/repoze/tm/__init__.py', line 19 in __call__
  result = self.application(environ, save_status_and_headers)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/repoze.who-1.0.10-py2.6.egg/repoze/who/middleware.py', line 107 in __call__
  app_iter = app(environ, wrapper.wrap_start_response)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/ToscaWidgets-0.9.5dev_20081026-py2.6.egg/tw/core/middleware.py', line 36 in __call__
  return self.wsgi_app(environ, start_response)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/ToscaWidgets-0.9.5dev_20081026-py2.6.egg/tw/core/middleware.py', line 59 in wsgi_app
  resp = req.get_response(self.application)
File 'build/bdist.linux-i686/egg/webob/__init__.py', line 1325 in get_response
File 'build/bdist.linux-i686/egg/webob/__init__.py', line 1293 in call_application
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/ToscaWidgets-0.9.5dev_20081026-py2.6.egg/tw/core/resource_injector.py', line 67 in _injector
  resp = req.get_response(app)
File 'build/bdist.linux-i686/egg/webob/__init__.py', line 1325 in get_response
File 'build/bdist.linux-i686/egg/webob/__init__.py', line 1293 in call_application
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/Beaker-1.2.2-py2.6.egg/beaker/middleware.py', line 81 in __call__
  return self.app(environ, start_response)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/Beaker-1.2.2-py2.6.egg/beaker/middleware.py', line 160 in __call__
  return self.wrap_app(environ, session_start_response)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/Routes-1.10.3-py2.6.egg/routes/middleware.py', line 130 in __call__
  response = self.app(environ, start_response)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/Pylons-0.9.7-py2.6.egg/pylons/wsgiapp.py', line 125 in __call__
  response = self.dispatch(controller, environ, start_response)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/Pylons-0.9.7-py2.6.egg/pylons/wsgiapp.py', line 324 in dispatch
  return controller(environ, start_response)
File '/home/gustavo/Projeti/TurboGears/FakeProjects/polishedtg/polishedtg/lib/base.py', line 44 in __call__
  return TGController.__call__(self, environ, start_response)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/Pylons-0.9.7-py2.6.egg/pylons/controllers/core.py', line 217 in __call__
  response = self._inspect_call(self.__before__)
File '/home/gustavo/System/Pyenvs/tg2/lib/python2.6/site-packages/Pylons-0.9.7-py2.6.egg/pylons/controllers/core.py', line 80 in _inspect_call
  argspec = cached_argspecs[func.im_func]
AttributeError: 'function' object has no attribute 'im_func'

Note that this bug is specific to TG2 and its RootController:

  • In Pylons it works like a charm.
  • If the @allow_only decorator is used directly, everything works.
  • If __before__ is defined and decorated with @require (what @allow_only does under-the-hood), it works.
  • This doesn't affect other controllers, only the RootController.

I'd appreciate help here because it seems to be related to routing stuff. I've spent some time trying to fix it, but I've had no success.

Attachments

root.py Download (4.0 KB) - added by Gustavo 10 years ago.
Ready to use RootController? to reproduce the bug easily
protectors.diff Download (1.4 KB) - added by percious 10 years ago.
fix to repoze.what plugin

Change History

Changed 10 years ago by Gustavo

Ready to use RootController? to reproduce the bug easily

Changed 10 years ago by percious

fix to repoze.what plugin

comment:1 Changed 10 years ago by Gustavo

  • Status changed from new to closed
  • Resolution set to fixed

The problem was that TG passes a class instance to ControllerProtector, while it only supported classes.

Fixed in repoze.what-pylons v1.0rc3 thanks to Alberto Valverde and Chris Perkins:  http://code.gustavonarea.net/repoze.what-pylons/News.html#repoze-what-pylons-1-0rc3-2009-03-04

Note: See TracTickets for help on using tickets.