diff options
| author | Chris McDonough <chrism@plope.com> | 2010-12-24 22:56:15 -0500 |
|---|---|---|
| committer | Chris McDonough <chrism@plope.com> | 2010-12-24 22:56:15 -0500 |
| commit | 781f9e02e0433a77e78f07f28e5b7d2064e73af4 (patch) | |
| tree | 1f2d1a77dd32bacb0233ea6154e4e77049414407 /docs | |
| parent | e36332bcaab8cf6062fda72f4411c8cd5cfe1e4b (diff) | |
| download | pyramid-781f9e02e0433a77e78f07f28e5b7d2064e73af4.tar.gz pyramid-781f9e02e0433a77e78f07f28e5b7d2064e73af4.tar.bz2 pyramid-781f9e02e0433a77e78f07f28e5b7d2064e73af4.zip | |
fix permission discussion
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/narr/static.rst | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/docs/narr/static.rst b/docs/narr/static.rst index e6be5fdff..d4f6da76d 100644 --- a/docs/narr/static.rst +++ b/docs/narr/static.rst @@ -42,16 +42,24 @@ files that live in ``/var/www/static`` as sub-URLs of the ``/static`` URL prefix. Therefore, the file ``/var/www/static/foo.css`` will be returned when the user visits your application's URL ``/static/foo.css``. -No authorization is ever required for users to visit files served by a static -view added via :meth:`~pyramid.config.Configurator.add_static_view`. If you -need "static" resources to be protected by authentication services, see -:ref:`advanced_static`. - A static directory named at ``path`` may contain subdirectories recursively, and any subdirectories may hold files; these will be resolved by the static view as you would expect. The ``Content-Type`` header returned by the static view for each particular type of file is dependent upon its file extension. +By default, all files made available via +:meth:`~pyramid.config.Configurator.add_static_view` are accessible by +completely anonymous users. Simple authorization can be required, however. +To protect a set of static files using a permission, in addition to passing +the required ``name`` and ``path`` arguments, also pass the ``permission`` +keyword argument to :meth:`~pyramid.config.Configurator.add_static_view`. +The value of the ``permission`` argument represents the :term:`permission` +that the user must have relative to the current :term:`context` when the +static view is invoked. A user will be required to possess this permission +to view any of the files represented by ``path`` of the static view. If your +static resources must be protected by a more complex authorization scheme, +see :ref:`advanced_static`. + Here's another example that uses an :term:`asset specification` instead of an absolute path as the ``path`` argument. To convince :meth:`pyramid.config.Configurator.add_static_view` to serve files up under |