From 781f9e02e0433a77e78f07f28e5b7d2064e73af4 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Fri, 24 Dec 2010 22:56:15 -0500 Subject: fix permission discussion --- docs/narr/static.rst | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/narr/static.rst b/docs/narr/static.rst index e6be5fdff..d4f6da76d 100644 --- a/docs/narr/static.rst +++ b/docs/narr/static.rst @@ -42,16 +42,24 @@ files that live in ``/var/www/static`` as sub-URLs of the ``/static`` URL prefix. Therefore, the file ``/var/www/static/foo.css`` will be returned when the user visits your application's URL ``/static/foo.css``. -No authorization is ever required for users to visit files served by a static -view added via :meth:`~pyramid.config.Configurator.add_static_view`. If you -need "static" resources to be protected by authentication services, see -:ref:`advanced_static`. - A static directory named at ``path`` may contain subdirectories recursively, and any subdirectories may hold files; these will be resolved by the static view as you would expect. The ``Content-Type`` header returned by the static view for each particular type of file is dependent upon its file extension. +By default, all files made available via +:meth:`~pyramid.config.Configurator.add_static_view` are accessible by +completely anonymous users. Simple authorization can be required, however. +To protect a set of static files using a permission, in addition to passing +the required ``name`` and ``path`` arguments, also pass the ``permission`` +keyword argument to :meth:`~pyramid.config.Configurator.add_static_view`. +The value of the ``permission`` argument represents the :term:`permission` +that the user must have relative to the current :term:`context` when the +static view is invoked. A user will be required to possess this permission +to view any of the files represented by ``path`` of the static view. If your +static resources must be protected by a more complex authorization scheme, +see :ref:`advanced_static`. + Here's another example that uses an :term:`asset specification` instead of an absolute path as the ``path`` argument. To convince :meth:`pyramid.config.Configurator.add_static_view` to serve files up under -- cgit v1.2.3