Make sure the default forbidden response (when a secpol has no ``forbidden``) works properly.

author: Chris McDonough <chrism@agendaless.com> 2009-05-25 01:56:39 +0000
committer: Chris McDonough <chrism@agendaless.com> 2009-05-25 01:56:39 +0000
commit: 2cca10bbe326cca7b9b2573a972d751fcc1de403 (patch)
tree: 62a6685e1bcec3ba634d060051b62a8747a7eaa6 /repoze/bfg/router.py
parent: 70764fae4bf153a24974183af36fbb462db1799b (diff)
download: pyramid-2cca10bbe326cca7b9b2573a972d751fcc1de403.tar.gz
pyramid-2cca10bbe326cca7b9b2573a972d751fcc1de403.tar.bz2
pyramid-2cca10bbe326cca7b9b2573a972d751fcc1de403.zip
1 files changed, 6 insertions, 3 deletions
diff --git a/repoze/bfg/router.py b/repoze/bfg/router.py
index fdd5495fe..ac3bd53cd 100644
--- a/repoze/bfg/router.py
+++ b/repoze/bfg/router.py
@@ -31,13 +31,15 @@ from repoze.bfg.registry import populateRegistry
 from repoze.bfg.request import HTTP_METHOD_FACTORIES
 from repoze.bfg.request import Request
 
+from repoze.bfg.security import _forbidden
+
 from repoze.bfg.settings import Settings
 
 from repoze.bfg.urldispatch import RoutesRootFactory
 
 from repoze.bfg.traversal import _traverse
 from repoze.bfg.view import _view_execution_permitted
-from repoze.bfg.wsgi import Unauthorized
+
 from repoze.bfg.wsgi import NotFound
 
 _marker = object()
@@ -55,6 +57,7 @@ class Router(object):
 
         self.request_factory = registry.queryUtility(IRequestFactory)
         security_policy = registry.queryUtility(ISecurityPolicy)
+        self.security_policy = security_policy
 
         unauthorized_app_factory = registry.queryUtility(
             IUnauthorizedAppFactory)
@@ -86,7 +89,7 @@ class Router(object):
             if hasattr(security_policy, 'forbidden'):
                 security_policy_forbidden = security_policy.forbidden
             else:
-                security_policy_forbidden = Unauthorized
+                security_policy_forbidden = _forbidden
                 warning = ('You are running with a security policy (%s) which '
                            'does not have a "forbidden" method; in BFG 0.8.2+ '
                            'the ISecurityPolicy interface in the '
@@ -101,9 +104,9 @@ class Router(object):
             self.forbidden_resp_factory = (self.forbidden_resp_factory or
                                            security_policy_forbidden)
 
-        self.security_policy = security_policy
         self.notfound_app_factory = registry.queryUtility(INotFoundAppFactory,
                                                           default=NotFound)
+        
         settings = registry.queryUtility(ISettings)
         if settings is not None:
             self.debug_authorization = settings.debug_authorization
author	Chris McDonough <chrism@agendaless.com>	2009-05-25 01:56:39 +0000
committer	Chris McDonough <chrism@agendaless.com>	2009-05-25 01:56:39 +0000
commit	2cca10bbe326cca7b9b2573a972d751fcc1de403 (patch)
tree	62a6685e1bcec3ba634d060051b62a8747a7eaa6 /repoze/bfg/router.py
parent	70764fae4bf153a24974183af36fbb462db1799b (diff)
download	pyramid-2cca10bbe326cca7b9b2573a972d751fcc1de403.tar.gz pyramid-2cca10bbe326cca7b9b2573a972d751fcc1de403.tar.bz2 pyramid-2cca10bbe326cca7b9b2573a972d751fcc1de403.zip