HTTPForbidden context route not being triggered

I'm having a bit of trouble getting security in Pyramid to work properly. My security itself seems to be working: if a user attempts to access a resource they are not authorized to view, Pyramid throws an HTTPForbidden exception. The problem is that in this instance, it's supposed to fall back to the login view, which isn't happening. I'm just getting the default Pyramid exception screen with the stack trace.

My login view:

    from pyramid.httpexceptions import HTTPForbidden

    @view_config(context = HTTPForbidden, renderer="login.mak")
    @view_config(route_name = 'login', renderer='login.mak')
    class Login(ViewBase):
        def __init__(self, request):
            super(Login, self).__init__(request)
            self.data['title'] = "Login"
            if request.method == 'POST':
                name = request.params['username']
                passwd = request.params['password']
                validuser = User.check(name, passwd)
                if validuser is None:
                    self.data['requested_path'] = request.params['requestpath']
                    self.__call__()
                else:
                    headers = remember(request, str(validuser.id))
                    raise HTTPFound(
                        location = request.params['requestpath'],
                        headers = headers
                    )
            else:
                self.data['requested_path'] = request.url

        def __call__(self):
            return self.data

All of my views have a default permission set to 'view'; my ACL class looks as follows:

    from pyramid.security import Allow
    from pyramid.security import Everyone
    from pyramid.security import Authenticated
    from pyramid.security import ALL_PERMISSIONS

    # Handles ACL auth for the entire application
    class RootFactory(object):
        __acl__ = [
            (Allow, Everyone, 'view'),
            (Allow, 'Editor', 'edit'),
            (Allow, 'Admin', ALL_PERMISSIONS)
        ]

        def __init__(self, request):
            pass

    def groupfinder(userid, request):
        from ctic.models import User
        user = User.get(userid)
        member_groups = []
        if user != None:
            member_groups.append(user.group.groupname)
            return member_groups
        else:
            return None

As I said, the ACL aspect appears to be working.

Interestingly, if I remove the default_permission from my init.py, everything works as normal.

Any pointers as to where I'm going wrong would be appreciated.

Comments (3)

This is probably unrelated to your problem, but the way a class-based view works in Pyramid is that it's a 2-step process. 1) Pyramid instantiates your class with the request object 2) Pyramid calls either the __call__ method or a method specified by attr in view_config. Thus, the call to self.__call__() in your __init__ is incorrect. The way you're using class-based views is a little unconventional, but I don't see any actual bugs in what you've pasted here.

Your groupfinder() should return a list in all cases. If the user isn't in any groups, return [] instead of None. I'm not sure if this is your problem. But I experienced similar behaviour when I returned None instead of [].

You might want to add "permission=NO_PERMISSION_REQUIRED" to your view_config.