diff options
| -rw-r--r-- | CHANGES.txt | 8 | ||||
| -rw-r--r-- | pyramid/security.py | 2 | ||||
| -rw-r--r-- | pyramid/tests/test_security.py | 3 |
3 files changed, 11 insertions, 2 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index c3e679b8a..ac22aa36d 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,6 +1,14 @@ Next release ============ +Bug Fixes +--------- + +- When no authentication policy was configured, a call to + ``pyramid.security.effective_principals`` would unconditionally return the + empty list. This was incorrect, it should have unconditionally returned + ``[Everyone]``, and now does. + Features -------- diff --git a/pyramid/security.py b/pyramid/security.py index f29edd678..4b929241e 100644 --- a/pyramid/security.py +++ b/pyramid/security.py @@ -100,7 +100,7 @@ def effective_principals(request): policy = reg.queryUtility(IAuthenticationPolicy) if policy is None: - return [] + return [Everyone] return policy.effective_principals(request) def principals_allowed_by_permission(context, permission): diff --git a/pyramid/tests/test_security.py b/pyramid/tests/test_security.py index 86149d554..ba9538b01 100644 --- a/pyramid/tests/test_security.py +++ b/pyramid/tests/test_security.py @@ -266,9 +266,10 @@ class TestEffectivePrincipals(unittest.TestCase): return effective_principals(request) def test_no_authentication_policy(self): + from pyramid.security import Everyone request = _makeRequest() result = self._callFUT(request) - self.assertEqual(result, []) + self.assertEqual(result, [Everyone]) def test_with_authentication_policy(self): request = _makeRequest() |