diff options
| -rw-r--r-- | repoze/bfg/security.py | 1 | ||||
| -rw-r--r-- | repoze/bfg/tests/test_security.py | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py index bfc43d752..4b28811cc 100644 --- a/repoze/bfg/security.py +++ b/repoze/bfg/security.py @@ -260,6 +260,7 @@ class InheritingACLSecurityPolicy(object): # clear the entire allowed set, as we've hit a # deny of Everyone ala (Deny, Everyone, ALL) allowed = set() + break elif ace_principal in allowed: allowed.remove(ace_principal) diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py index 20ec1d4db..03a466e7c 100644 --- a/repoze/bfg/tests/test_security.py +++ b/repoze/bfg/tests/test_security.py @@ -356,7 +356,7 @@ class TestInheritingACLSecurityPolicy(unittest.TestCase): policy = self._makeOne(lambda *arg: None) result = sorted( policy.principals_allowed_by_permission(context, 'read')) - self.assertEqual(result, ['chrism', 'other']) + self.assertEqual(result, ['chrism']) def test_principals_allowed_by_permission(self): from repoze.bfg.security import Allow |