3 files changed, 21 insertions, 0 deletions

diff --git a/CHANGES.txt b/CHANGES.txt
index 34e722fd6..880f7a3f3 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -10,6 +10,11 @@ Bug Fixes
   than  saying ``pcreate -s starter /foo/bar``.  The former did not work
   properly.
 
+- Fix the ``principals_allowed_by_permission`` method of 
+  ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__`` 
+  on resources.  Previously it did not try to call the ``__acl__``
+  if it was callable.
+
 Documentation
 -------------
 
diff --git a/pyramid/authorization.py b/pyramid/authorization.py
index 1fd05e244..5e7baa19d 100644
--- a/pyramid/authorization.py
+++ b/pyramid/authorization.py
@@ -122,6 +122,9 @@ class ACLAuthorizationPolicy(object):
             allowed_here = set()
             denied_here = set()
             
+            if acl and callable(acl):
+                acl = acl()
+
             for ace_action, ace_principal, ace_permissions in acl:
                 if not is_nonstr_iter(ace_permissions):
                     ace_permissions = [ace_permissions]
diff --git a/pyramid/tests/test_authorization.py b/pyramid/tests/test_authorization.py
index 60b1b0c8d..05cd3b4f8 100644
--- a/pyramid/tests/test_authorization.py
+++ b/pyramid/tests/test_authorization.py
@@ -146,6 +146,19 @@ class TestACLAuthorizationPolicy(unittest.TestCase):
             policy.principals_allowed_by_permission(context, 'read'))
         self.assertEqual(result, ['chrism'])
 
+    def test_principals_allowed_by_permission_callable_acl(self):
+        from pyramid.security import Allow
+        from pyramid.security import DENY_ALL
+        context = DummyContext()
+        acl = lambda: [ (Allow, 'chrism', ('read', 'write')),
+                        DENY_ALL,
+                        (Allow, 'other', 'read') ]
+        context.__acl__ = acl
+        policy = self._makeOne()
+        result = sorted(
+            policy.principals_allowed_by_permission(context, 'read'))
+        self.assertEqual(result, ['chrism'])
+        
     def test_principals_allowed_by_permission_string_permission(self):
         from pyramid.security import Allow
         context = DummyContext()